There is a serious security issue that I reported to celery recently, and the maintainer suggested that it may affect python-daemon as well. He is currently working on a fix for celery.
https://groups.google.com/forum/#!topic/celery-users/iIqBL-kZCBQ

The summary is that worker daemon processes in celery by default will change their umask to 0. Then if they create new files, those files will be world-writable. Looking at PEP 3143, it seems that python-daemon may also have a default umask of 0.

Zero is not a safe or expected default. The safe default is for a process to not change its inherited umask unless explicitly directed to do so. Having a setting to change it is fine, but the default behavior should be "no change".

The impact of this behavior is that unless a user knows to explicitly set a safe umask on their daemon processes, they could end up with world-writable files without realizing it.

Let me know if it would be helpful to elaborate on why this is insecure.

Michael
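The effect described in the message above, shown as an added example that is not part of the original post and is not celery or python-daemon code: it creates files under umask 0, umask 0o022 and the inherited umask, then scans the directory for the other-write bit. The file names and helper functions are constructed for illustration, and a POSIX filesystem is assumed.

```python
import os
import stat
import tempfile


def current_umask():
    """Read the process umask; os.umask() only reports it by setting a new one."""
    old = os.umask(0o077)
    os.umask(old)
    return old


def create_file(path, umask=None):
    """Create path like open(path, 'w') (requested mode 0o666); return its permission bits."""
    # umask=None keeps the inherited umask; an integer mimics a daemon library setting it.
    previous = os.umask(umask) if umask is not None else None
    try:
        with open(path, "w") as fh:
            fh.write("state\n")
    finally:
        if previous is not None:
            os.umask(previous)  # restore so later files are unaffected
    return stat.S_IMODE(os.stat(path).st_mode)


def world_writable(directory):
    """Return sorted names of regular files under directory with the other-write bit set."""
    hits = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            mode = os.lstat(os.path.join(root, name)).st_mode
            if stat.S_ISREG(mode) and mode & stat.S_IWOTH:
                hits.append(name)
    return sorted(hits)


def demo():
    """Constructed sample: files created under umask 0, 0o022 and the inherited umask."""
    cases = {"umask0.pid": 0, "umask022.pid": 0o022, "inherited.pid": None}
    with tempfile.TemporaryDirectory() as d:
        modes = {n: create_file(os.path.join(d, n), u) for n, u in cases.items()}
        return modes, world_writable(d)


if __name__ == "__main__":
    modes, flagged = demo()
    for name, mode in modes.items():
        print(f"{name}: {mode:04o}")
    print("world-writable:", flagged)
```

The same `world_writable` scan can be pointed at a daemon's working, log or pid directory to check whether files it has already created carry the other-write bit.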
