undefined | Better HN

0 pointscolatkinson3y ago0 comments

Packages can do weird things like auto-loading into the interpreter (example: [0]). So in a scenario where a malicious package has ended up on your machine, you're a bit screwed whether it's a .so or a .py. I believe that was the point OP was making -- a pure-Python wheel is not really any safer than a wheel with embedded binaries.

[0]: https://github.com/pyston/pyston/blob/1d65d4831912179c26bb27...

0 comments

Godel_unicode3y ago

It’s like tor though; everyone that’s malicious doesn’t do this but the ratio is much higher so be much more suspicious. Security isn’t about silver bullets, it’s about a compilation of tricks that make malicious things more obvious.

ikekkdcjkfke3y ago

I like how we assume that programs running with the full rights of the user is normal.

j / k navigate · click thread line to collapse

0 comments

Godel_unicode3y ago

ikekkdcjkfke3y ago

I like how we assume that programs running with the full rights of the user is normal.

j / k navigate · click thread line to collapse