Michael Foord wrote:
(I'm honestly not sure how creating a writable directory is a security
issue?)
I suspect people are thinking of an attack where an untrusted user
installs a package that looks like a normal one, but actually does
something nefarious like install a rootkit (and perhaps does what the
package is meant to do as well). If the administrator then uses the
package, the machine is compromised.
Cheers,
Giles
--
Giles Thomas
giles.tho...@resolversystems.com
+44 (0) 20 7253 6372
17a Clerkenwell Road, London EC1M 5RD, UK
VAT No.: GB 893 5643 79
Registered in England and Wales as company number 5467329.
Registered address: 843 Finchley Road, London NW11 8NA, UK
_______________________________________________
Users mailing list
Users@lists.ironpython.com
http://lists.ironpython.com/listinfo.cgi/users-ironpython.com