mike at mikebell.org
Wed Feb 20 14:51:42 EST 2002
On Wed, Feb 20, 2002 at 04:26:15PM -0600, Dustin Mitchell wrote:
> Be **very** careful if you do this -- the security implications of allowing
> write access to your source files are pretty enormous. For example, if
> someone can write a file to your system (perhaps through a bug in a
> file-upload system?), they can upload their own program to do whatever damage
> they would like.

Well, you can still have the programs within the writable directory owned by someone else and only readable by the web server's UID; however, this still allows one to upload bad .pyo files. I'm not sure whether Python has any checks other than mtime but I imagine one could do /something/ malicious in this manner.
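An audit for the situation discussed in this thread, as an added example that is not part of the original messages: it walks a source tree and reports directories writable by group or other, bytecode files with no source beside them, and bytecode whose recorded mtime and size do not match the source. It assumes the CPython 3.7+ header layout (magic, flags, mtime, size); the function names `source_for`, `audit` and `demo` and the sample tree are constructed for illustration.

```python
import importlib.util, os, pathlib, py_compile, stat, struct, tempfile

def source_for(pyc):
    """Map a bytecode file to the source file it claims to come from."""
    try:
        return importlib.util.source_from_cache(pyc)  # __pycache__/mod.<tag>.pyc
    except ValueError:
        return pyc[:-1]  # legacy layout: mod.pyc / mod.pyo beside mod.py

def audit(root):
    """Return sorted (relative path, finding) pairs for the tree under root."""
    out = []
    for d, _, files in os.walk(root):
        if os.stat(d).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            out.append((os.path.relpath(d, root), "dir writable by group/other"))
        for f in files:
            if not f.endswith((".pyc", ".pyo")):
                continue
            pyc = os.path.join(d, f)
            rel, src = os.path.relpath(pyc, root), source_for(pyc)
            if not os.path.isfile(src):
                out.append((rel, "bytecode without source"))
                continue
            with open(pyc, "rb") as fh:
                head = fh.read(16)
            if len(head) < 16 or head[:4] != importlib.util.MAGIC_NUMBER:
                out.append((rel, "unexpected magic"))
                continue
            flags, mtime, size = struct.unpack("<III", head[4:])
            st = os.stat(src)
            want = (int(st.st_mtime) & 0xFFFFFFFF, st.st_size & 0xFFFFFFFF)
            if not flags & 1 and (mtime, size) != want:  # bit 0 set = hash-based pyc
                out.append((rel, "header does not match source"))
    return sorted(out)

def demo():
    """Constructed sample tree: a clean module, a stale one, a dropped .pyo."""
    root = tempfile.mkdtemp()
    for name in ("good", "stale"):
        src = os.path.join(root, name + ".py")
        pathlib.Path(src).write_text("x = 1\n")
        py_compile.compile(src, cfile=src + "c",
                           invalidation_mode=py_compile.PycInvalidationMode.TIMESTAMP)
    os.utime(os.path.join(root, "stale.py"), (1, 1))  # source changed after compile
    up = os.path.join(root, "uploads")
    os.mkdir(up)
    os.chmod(up, 0o777)  # constructed: an upload directory anyone may write to
    header_only = importlib.util.MAGIC_NUMBER + bytes(12)  # no code object follows
    pathlib.Path(up, "dropped.pyo").write_bytes(header_only)
    return audit(root)
```

A matching header only shows that the bytecode is not stale; whoever can write the bytecode file can write a matching header too, so the directory-permission finding is the one to act on first.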