Web   ·   Wiki   ·   Activities   ·   Blog   ·   Lists   ·   Chat   ·   Meeting   ·   Bugs   ·   Git   ·   Translate   ·   Archive   ·   People   ·   Donate
summaryrefslogtreecommitdiffstats
path: root/docs/pre-forking
diff options
context:
space:
mode:
Diffstat (limited to 'docs/pre-forking')
-rw-r--r--docs/pre-forking20
1 files changed, 20 insertions, 0 deletions
diff --git a/docs/pre-forking b/docs/pre-forking
new file mode 100644
index 0000000..a47a1c7
--- /dev/null
+++ b/docs/pre-forking
@@ -0,0 +1,20 @@
+
+== Problem: Security risks in preforking. == #???
+
+Situation:
+
+ Rainbow implements some pre-fork() module-loading in order to cache the
+ results of several expensive computations performed by all Python activities.
+
+ Rainbow needs to run as uid-0 while loading this code in order to be able to
+ call setuid() later.
+
+ Rainbow needs to handle pass some tainted data to this codebase.
+
+Thoughts:
+
+ * $LANG is one obvious trouble spot but there are probably several others.
+
+ * Scott suggests that there may be a PAM module helpful for cleaning tainted
+ environment data.
+
generated by cgit v0.9.1 at 2024-05-12 15:29:03 (GMT)