On Wed, Dec 22, 2004 at 12:52:30AM +0800, Jeff Pitman wrote: > Anyhowl, we can pre-compile ourselves in an individual spec, but that > doesn't fix the issue with %ghost. To my knowledge and what google has > on record is that %ghost was used to "save space" since pyo didn't > really "save time". However, python executed with -O as root actually > introduces .pyo files in /usr/lib/python2.3/site-packages anyway which > could have implications for read-only /usr (which I think python just > ignores anyway), but more importantly for setups with tripwire > triggers. Not being personally familiar with this type of security > issue, I'm wondering out loud if we should even care about %ghost. > On my laptop I definitely care about it. 6MB of disk doesn't stretch very far. On my desktop, the savings is appreciated. But it may not justify making tripwire harder to deal with (I don't run tripwire.) OTOH, a read-only /usr should prevent python from creating the pyo files so that's less of an issue. Additionally, aren't python optimized files a non-default setting? So someone had to set root on the tripwire enabled boxes to create these files in the first place? -Toshio
