Hello World
Steven D'Aprano
steve+comp.lang.python at pearwood.info
Mon Dec 22 04:18:13 EST 2014
Steve Hayes wrote:
> Yes, my initial reaction was "that's awesome".
>
> And my second thought was that it was scary.
>
> I ran it. It worked, and printed "Hello world". I was awed.
>
> But what if I had run it and it reformatted my hard disk?
>
> How would I have known that it would or wouldn't do that?
That's why I didn't run it myself :-)
Seriously. I read the blog post, it seemed legitimate, I could follow the
explanation for how it worked well enough to be convinced it would work,
but I didn't try running it myself.
If I had, I would have made sure I was running as an unprivileged user, not
the superuser/Administrator account. Actually, since I care more about my
personal files than the operating system, I'd prefer to *not* use my normal
account. This being Linux, I can run suspicious code as the "nobody" user:
[steve at ando ~]$ sudo -u nobody python -c "print 'Hello World'"
Hello World
Running as nobody limits the harm a rogue script might do:
[steve at ando ~]$ sudo -u nobody python -c "import os;
os.listdir('/home/steve')"
Traceback (most recent call last):
File "<string>", line 1, in ?
OSError: [Errno 13] Permission denied: '/home/steve'
Ultimately, I'm trusting the security of my operating system.
--
Steven
More information about the Python-list
mailing list