[IronPython] Default install location and site-packages
jdhardy at gmail.com
Tue Oct 6 15:47:47 PDT 2009
On Tue, Oct 6, 2009 at 11:53 AM, Giles Thomas
<giles.thomas at resolversystems.com> wrote:
> Michael Foord wrote:
>> (I'm honestly not sure how creating a writable directory is a security
> I suspect people are thinking of an attack where an untrusted user installs
> a package that looks like a normal one, but actually does something
> nefarious like install a rootkit (and perhaps does what the package is meant
> to do as well). If the administrator then uses the package, the machine is
Exactly. And Python doesn't have codesigning or such to prevent such an attack.
For desktops it might not seem like a big deal, but for servers it's
an absolute disaster. It's better if it's not even possible.
More information about the Users