#13579: test_executable security risk
------------------------------------------------+---------------------------
Reporter: vbraun | Owner: mvngu
Type: defect | Status: needs_review
Priority: blocker | Milestone: sage-5.4
Component: doctest | Resolution:
Keywords: | Work issues:
Report Upstream: N/A | Reviewers: Volker Braun,
Jeroen Demeyer
Authors: Jeroen Demeyer, Volker Braun | Merged in:
Dependencies: | Stopgaps:
------------------------------------------------+---------------------------
Comment (by jdemeyer):
Replying to [comment:12 jdemeyer]:
> Replying to [comment:11 vbraun]:
> > Its pretty difficult to reliably determine if others have write access
to the directory. Your system might not use the traditional u/g/o security
model but rely on one of the SELinux ACMs, or even a completely different
security model.
I think all systems on which Sage runs have at least the classic unix
security model. Additions like SELinux mostly affect system services, and
normally have no impact on normal users. As far as Python or Sage is
concerned, I think we can still check the standard Unix permissions.
--
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/13579#comment:13>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica,
and MATLAB
--
You received this message because you are subscribed to the Google Groups
"sage-trac" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/sage-trac?hl=en.
