%ghost .pyo

Toshio Kuratomi toshio at tiki-lounge.com
Tue Dec 21 21:45:48 UTC 2004


On Wed, Dec 22, 2004 at 12:52:30AM +0800, Jeff Pitman wrote:
> Anyhow, we can pre-compile ourselves in an individual spec, but that 
> doesn't fix the issue with %ghost.  To my knowledge and what Google has 
> on record is that %ghost was used to "save space" since pyo didn't 
> really "save time".  However, python executed with -O as root actually 
> introduces .pyo files in /usr/lib/python2.3/site-packages anyway which 
> could have implications for read-only /usr (which I think python just 
> ignores anyway), but more importantly for setups with tripwire 
> triggers. Not being personally familiar with this type of security 
> issue, I'm wondering out loud if we should even care about %ghost. 
> 
On my laptop I definitely care about it.  6MB of disk doesn't stretch very
far.  On my desktop, the savings is appreciated.  But it may not justify
making tripwire harder to deal with (I don't run tripwire.)  OTOH, a
read-only /usr should prevent python from creating the pyo files so that's
less of an issue.  Additionally, aren't python optimized files a non-default
setting?  So someone had to set root on the tripwire-enabled boxes to
create these files in the first place?

-Toshio
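
Added example, not part of the original thread: the side effect discussed above (.pyo files appearing in site-packages after root runs python -O) shows up in a file-integrity check as new, unbaselined files. The sketch below separates new bytecode that sits next to a baselined .py source from every other new file; the function names and sample paths are assumptions made for illustration.

```python
import os

BYTECODE_EXTS = (".pyc", ".pyo")


def snapshot(root):
    """Return the set of file paths under root, relative to root."""
    found = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            found.add(os.path.relpath(os.path.join(dirpath, name), root))
    return found


def triage_new_files(baseline, current):
    """Split files added since the baseline into two sorted lists:
    bytecode next to a baselined .py source, and everything else.

    The match is by file name only. It does not prove that the bytecode
    was compiled from that source, so "explained" files still need their
    hashes recorded before they are trusted.
    """
    explained, unexplained = [], []
    for path in sorted(current - baseline):
        stem, ext = os.path.splitext(path)
        if ext in BYTECODE_EXTS and stem + ".py" in baseline:
            explained.append(path)
        else:
            # Includes orphan bytecode whose .py source was never baselined.
            unexplained.append(path)
    return explained, unexplained


if __name__ == "__main__":
    # Constructed sample data: paths relative to a site-packages directory.
    baseline = {"foo/__init__.py", "foo/util.py"}
    current = baseline | {"foo/util.pyo", "foo/orphan.pyo", "foo/extra.py"}
    explained, unexplained = triage_new_files(baseline, current)
    print("bytecode beside baselined source:", explained)
    print("needs review:", unexplained)
```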



