Python does not play well with others

[Paul Rubin]

"Graham Dumpleton" <grahamd at dscpl.com.au> writes:
> The first is whether it would be possible for code to be run with
> elevated privileges given that the main Apache process usually is
> started as root. I'm not sure at what point it switches to the special
> user Apache generally runs as and whether in the main process the way
> this switch is done is enough to prevent code getting back root
> privileges in some way, so would need to be looked into.

It switches very early, I think.  It starts as root so it can listen
on port 80.

> There is also much more possibility for code, if it runs up extra
> threads, to interfere with the operation of the Apache parent process.

Certainly launching any new threads should be postponed til after the
fork.