[Dev] Security of a Chandler installation
Phillip J. Eby
pje at telecommunity.com
Tue Aug 30 15:32:02 PDT 2005
At 03:28 PM 8/30/2005 -0700, Grant Baillie wrote:
>On Aug 30, 2005, at 15:12, Heikki Toivonen wrote:
>
>>It is conceivable that someone might want to install a read-only
>>installation of the Chandler executable and deny users the ability to
>>run with extensions.
>
>Maybe I'm not understanding the requirement right, but is this
>possible (assuming determined enough users) with a python app?
>
>E.g. you can always run the interpreter with environment variables to
>pick up your own versions of modules which enable extensions.
The -E option to Python disables most of the environment variables; I'm not
sure if it disables all of them, though.
>Alternatively, you can hack your own interpreter to run whatever code
>you want.
Assuming you have a place in the filesystem you can write to, to put it in. :)
More information about the Dev
mailing list