This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author stocker81
Recipients stocker81
Date 2008-02-08.19:28:30
SpamBayes Score 0.010929383
Marked as misclassified No
Message-id <1202498912.62.0.957005802385.issue2051@psf.upfronthosting.co.za>
In-reply-to
Content
Python's interpreter doesn't keep proper file permissions after
importing library. See the fallowing:

mk@laptop ~ $ echo "key='top secret'" > key.py
mk@laptop ~ $ chmod 600 key.py 
mk@laptop ~ $ python
Python 2.4.4 (#1, Jan  8 2008, 21:22:16) 
[GCC 4.1.2 (Gentoo 4.1.2 p1.0.1)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import key
>>> 
mk@laptop ~ $ ls -l key.py*
-rw------- 1 mk mk  17 II  8 20:09 key.py
-rw-r--r-- 1 mk mk 120 II  8 20:09 key.pyc
mk@laptop ~ $ 

So, interpreter creates 644 pyo file (visible for all) which contains
secret data from 600 py file.
I think it should keep the original permissions, someone can save a
important data (eg. SQL login/pwd into Django's settings.py) into
library and makes it visible for all by an accident.
History
Date User Action Args
2008-02-08 19:28:32stocker81setspambayes_score: 0.0109294 -> 0.010929383
recipients: + stocker81
2008-02-08 19:28:32stocker81setspambayes_score: 0.0109294 -> 0.0109294
messageid: <1202498912.62.0.957005802385.issue2051@psf.upfronthosting.co.za>
2008-02-08 19:28:32stocker81linkissue2051 messages
2008-02-08 19:28:31stocker81create