blob: a47a1c74a7bd1deb071c523850612fc88e34e1a2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
== Problem: Security risks in preforking. == #???
Situation:
Rainbow implements some pre-fork() module-loading in order to cache the
results of several expensive computations performed by all Python activities.
Rainbow needs to run as uid-0 while loading this code in order to be able to
call setuid() later.
Rainbow needs to handle pass some tainted data to this codebase.
Thoughts:
* $LANG is one obvious trouble spot but there are probably several others.
* Scott suggests that there may be a PAM module helpful for cleaning tainted
environment data.
|
