On Tue, Oct 6, 2009 at 11:53 AM, Giles Thomas
<giles.tho...@resolversystems.com> wrote:
> Michael Foord wrote:
>>
>> (I'm honestly not sure how creating a writable directory is a security
>> issue?)
>
> I suspect people are thinking of an attack where an untrusted user installs
> a package that looks like a normal one, but actually does something
> nefarious like install a rootkit (and perhaps does what the package is meant
> to do as well).  If the administrator then uses the package, the machine is
> compromised.

Exactly. And Python doesn't have codesigning or such to prevent such an attack.

For desktops it might not seem like a big deal, but for servers it's
an absolute disaster. It's better if it's not even possible.

- Jeff
_______________________________________________
Users mailing list
Users@lists.ironpython.com
http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
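A defensive check for the scenario discussed in this thread, added here as an example and not code from any poster or from the IronPython project: it lists import-path directories that accounts other than the owner can write to, including entries that do not exist yet but could be created by someone else. It assumes POSIX permission bits (on Windows the directory ACLs would need inspecting instead); `writable_by_others`, `audit_import_path` and `demo` are hypothetical names, and the demo directories are constructed.

```python
import os
import stat
import sys
import tempfile


def writable_by_others(path):
    """Return why accounts other than the owner can add files to path."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return []  # zip/egg files on the path are out of scope here
    reasons = []
    if st.st_mode & stat.S_IWOTH:
        reasons.append("world-writable")
    if st.st_mode & stat.S_IWGRP:
        reasons.append("group-writable")
    return reasons


def audit_import_path(entries):
    """Map each risky import-path entry to (directory checked, reasons)."""
    findings = {}
    for entry in entries:
        path = os.path.abspath(entry or os.curdir)  # '' means the cwd
        target = path
        # A missing entry can be created by whoever can write to its
        # nearest existing ancestor, so check that directory instead.
        while not os.path.exists(target):
            target = os.path.dirname(target)
        reasons = writable_by_others(target)
        if reasons:
            findings[path] = (target, reasons)
    return findings


def demo():
    """Constructed layout: one safe, one shared, one not-yet-created dir."""
    root = tempfile.mkdtemp()
    safe = os.path.join(root, "safe")
    shared = os.path.join(root, "shared")
    for directory, mode in ((safe, 0o755), (shared, 0o777)):
        os.mkdir(directory)
        os.chmod(directory, mode)  # chmod is not affected by the umask
    missing = os.path.join(shared, "site-packages")
    return safe, shared, missing, audit_import_path([safe, shared, missing])


if __name__ == "__main__":
    for path, (checked, reasons) in audit_import_path(sys.path).items():
        print(path, "->", checked, ", ".join(reasons))
```

Run as a script under the interpreter and account that the administrator uses, since `sys.path` differs per interpreter and per user.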
