[mod_python] .pyc and .pyo bytecode files under mod_python ?

mike at mikebell.org mike at mikebell.org
Wed Feb 20 14:51:42 EST 2002

On Wed, Feb 20, 2002 at 04:26:15PM -0600, Dustin Mitchell wrote:
> Be **very** careful if you do this -- the security implications of allowing
> write access to your source files are pretty enormous.  For example, if
> someone can write a file to your system (perhaps through a bug in a
> file-upload system?), they can upload their own program to do whatever damage
> they would like.

Well, you can still have the programs within the writable directory owned by
someone else and only readable by the web server's UID, however this still
allows one to upload bad .pyo files. I'm not sure whether python has any
checks other than mtime but I imagine one could do /something/ malicious in
this manner.

More information about the Mod_python mailing list