[Tutor] Security [Was: Re: Decoding]
Eric Brunson
brunson at brunson.com
Tue Aug 14 18:46:47 CEST 2007
Luke Paireepinart wrote:
> Eric Brunson wrote:
>> Michael Sparks wrote:
>>
>>> On Monday 13 August 2007 21:53, Kent Johnson wrote:
>>>
>>>> Hmm...could be a remote connection such as ssh, which precludes the
>>>> sledgehammer though probably not the sort of mischief you can get into
>>>> with eval()...perhaps there are untrusted remote connections where
>>>> eval() would still be a significant risk, I don't know...
>>>>
>>> If they can ssh into a box, the likelihood of that ssh connection
>>> *only* allowing them access to run that single python program
>>> strikes me as vanishingly small :-)
>>>
>>>
>>
>> Unless you set it up that way specifically, i.e. making the
>> interactive python program their login shell or specifying it to be
>> run in their .ssh/config.
>>
>>
>> P.S.
>> Michael, sorry for the double post to you, I missed the "reply all"
>> button the first time.
>>
> I don't think you missed on account of me receiving two e-mails as
> well. :)
> -Luke
Python: easy
Email: hard
;-)
More information about the Tutor
mailing list