[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #13581 [Ooni]: bin/* should avoid hacking sys.path
#13581: bin/* should avoid hacking sys.path
-----------------------+-------------------------
Reporter: infinity0 | Owner: hellais
Type: defect | Status: new
Priority: normal | Milestone:
Component: Ooni | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-----------------------+-------------------------
bin/ooni{deckgen,probe,report,resources} currently hacks sys.path to add
the current working directory. I am guessing this is done so developers
can run bin/ooniprobe from a source checkout, and have python still able
to find the ooni python modules.
However, this is a security hole if ooniprobe has extra capabilities (e.g.
in the setuid wrapper I'm writing, so that ooni itself doesn't have to run
as root) - the user can add their own ./ooni/etc fake modules, which will
run with these extra capabilities.
It's also not a clean design to add development-specific hacks to
production deployed code. For example in flashproxy, we have a similar
problem and we solve it differently:
https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/facilitator/HACKING
<dawuud> or devs should do exactly what is done in production which is...
run the program in a docker image
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13581>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs