New submission from stocker81: Python's interpreter doesn't keep proper file permissions after importing library. See the fallowing:
[EMAIL PROTECTED] ~ $ echo "key='top secret'" > key.py [EMAIL PROTECTED] ~ $ chmod 600 key.py [EMAIL PROTECTED] ~ $ python Python 2.4.4 (#1, Jan 8 2008, 21:22:16) [GCC 4.1.2 (Gentoo 4.1.2 p1.0.1)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import key >>> [EMAIL PROTECTED] ~ $ ls -l key.py* -rw------- 1 mk mk 17 II 8 20:09 key.py -rw-r--r-- 1 mk mk 120 II 8 20:09 key.pyc [EMAIL PROTECTED] ~ $ So, interpreter creates 644 pyo file (visible for all) which contains secret data from 600 py file. I think it should keep the original permissions, someone can save a important data (eg. SQL login/pwd into Django's settings.py) into library and makes it visible for all by an accident. ---------- components: None messages: 62203 nosy: stocker81 severity: normal status: open title: PYO file permission problem type: security versions: Python 2.4 __________________________________ Tracker <[EMAIL PROTECTED]> <http://bugs.python.org/issue2051> __________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
