In article <4ba80418.6030...@canterbury.ac.nz>,
 Greg Ewing <greg.ew...@canterbury.ac.nz> wrote:

> Antoine Pitrou wrote:
> 
> > In light of this issue, I'm -0.5 on __pycache__ becoming the default
> > caching mechanism. The directory ownership/permissions issue is too much
> > of a mess, especially for Web applications (think __pycache__ files
> > created by the Apache user).
> 
> Doesn't the existing .pyc mechanism have the same problem? Seems
> to me it's just as insecure to allow the Apache user to create
> .pyc files, since an attacker could overwrite them with arbitrary
> bytecode.
> 
> The only safe way is to pre-compile under a different user and
> make everything read-only to Apache. The same thing would apply
> under the __pycache__ regime.

This does sound like a big security hole both in existing Python and the 
new __pycache__ proposed mechanism. It seems like this is the time to 
address it, while changing the caching mechanism.

If .pyc files are to be shared, it seems essential to (by default) 
generate them at install time and make them read-only for unprivileged 
users.

This in turn implies that we may have to give up some support for 
dragging python modules into site-packages, e.g. not generate .pyc files 
for such modules. At least if we go that route it will mostly affect 
power users, who can presumably cope.

-- Russell
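
An audit for the deployment rule discussed in this thread (bytecode compiled by a different user and read-only to the web server account), added here as an example and not part of any message above. It assumes a POSIX system; the function name `audit_bytecode_caches` and the `trusted_uids` parameter are illustrative choices.

```python
import os
import stat
import sys


def audit_bytecode_caches(root, trusted_uids=(0,)):
    """Return sorted (path, reason) pairs for places where an account outside
    trusted_uids could create or replace compiled bytecode under root."""
    findings = []

    def check(path):
        st = os.lstat(path)  # lstat: report symlinks instead of following them
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink (target not checked)"))
            return
        if st.st_uid not in trusted_uids:
            findings.append((path, "owner uid %d not trusted" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "group/world-writable"))

    for dirpath, _dirnames, filenames in os.walk(root):
        # A writable directory is enough: whoever can write to it can drop a
        # .pyc (or a __pycache__ directory) next to the sources it contains.
        has_source = any(name.endswith(".py") for name in filenames)
        is_cache = os.path.basename(dirpath) == "__pycache__"
        if has_source or is_cache:
            check(dirpath)
        for name in filenames:
            if name.endswith((".pyc", ".pyo")):
                check(os.path.join(dirpath, name))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit.py /path/to/site-packages
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, reason in audit_bytecode_caches(target):
        print("%s: %s" % (path, reason))
```

An empty result means every source directory, cache directory and bytecode file under the root is owned by a trusted uid and writable only by its owner.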
