Mailinglist Archive: opensuse-factory (381 mails)

< Previous Next >
Re: [opensuse-factory] Re: [opensuse-packaging] Proposal to remove pyc/pyo from Python on TW
  • From: Joachim Wagner <jwagner@xxxxxxxxxxxxxxxx>
  • Date: Fri, 05 Oct 2018 16:10:56 +0100
  • Message-id: <1589372.hDbXNKLHUv@e5430>
If Python is started as non-privileged this user would need write access
to pycache.

Or is the plan to have separate caches for each user?

Or do you want to implement privilege escalation in the
Python shim loader?

How about splitting the cache into two users with normal privileges? When
python running as a normal user does not find a cache entry it contacts a
local service running as the other user to request a cache entry for a py
file. The service checks that the py file is from the system (to prevent users
from feeding malicious py files to the service), compiles it and puts it into
the cache. Optionally, it could check the cache size and delete some of the
files that have not been accessed in a while.



--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >