This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
| Author | stocker81 |
|---|---|
| Recipients | stocker81 |
| Date | 2008年02月08日.19:28:30 |
| SpamBayes Score | 0.010929383 |
| Marked as misclassified | No |
| Message-id | <1202498912.62.0.957005802385.issue2051@psf.upfronthosting.co.za> |
| In-reply-to |
| Content | |
|---|---|
Python's interpreter doesn't keep proper file permissions after importing library. See the fallowing: mk@laptop ~ $ echo "key='top secret'" > key.py mk@laptop ~ $ chmod 600 key.py mk@laptop ~ $ python Python 2.4.4 (#1, Jan 8 2008, 21:22:16) [GCC 4.1.2 (Gentoo 4.1.2 p1.0.1)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import key >>> mk@laptop ~ $ ls -l key.py* -rw------- 1 mk mk 17 II 8 20:09 key.py -rw-r--r-- 1 mk mk 120 II 8 20:09 key.pyc mk@laptop ~ $ So, interpreter creates 644 pyo file (visible for all) which contains secret data from 600 py file. I think it should keep the original permissions, someone can save a important data (eg. SQL login/pwd into Django's settings.py) into library and makes it visible for all by an accident. |
|
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2008年02月08日 19:28:32 | stocker81 | set | spambayes_score: 0.0109294 -> 0.010929383 recipients: + stocker81 |
| 2008年02月08日 19:28:32 | stocker81 | set | spambayes_score: 0.0109294 -> 0.0109294 messageid: <1202498912.62.0.957005802385.issue2051@psf.upfronthosting.co.za> |
| 2008年02月08日 19:28:32 | stocker81 | link | issue2051 messages |
| 2008年02月08日 19:28:31 | stocker81 | create | |