Runtime Security

The developers have done their best to assure that use of a supervisord process running as root cannot lead to unintended privilege escalation. But caveat emptor. Supervisor is not as paranoid as something like DJ Bernstein’s daemontools, inasmuch as supervisord allows for arbitrary path specifications in its configuration file to which data may be written. Allowing arbitrary path selections can create vulnerabilities from symlink attacks. Be careful when specifying paths in your configuration. Ensure that the supervisord configuration file cannot be read from or written to by unprivileged users and that all files installed by the supervisor package have “sane” file permission protection settings. Additionally, ensure that your PYTHONPATH is sane and that all Python standard library files have adequate file permission protections.
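The following audit is an added example, not part of the Supervisor documentation or code base. It checks the config file's own mode and flags any path supervisord writes to that is a symlink or sits in a group- or world-writable directory. The function names and the temp-dir sample config are constructed for illustration, and the set of path options checked is an assumption about which settings matter.

```python
import configparser
import os
import stat
import tempfile

# supervisord.conf options whose values are files or directories supervisord writes to.
PATH_OPTIONS = ("logfile", "pidfile", "childlogdir", "stdout_logfile", "stderr_logfile", "file")

def audit(conf_path):
    """Return (subject, problem) findings for the config file and the paths it names."""
    findings = []
    if stat.S_IMODE(os.stat(conf_path).st_mode) & 0o066:
        findings.append((conf_path, "config readable or writable by group/other"))
    parser = configparser.RawConfigParser(strict=False, inline_comment_prefixes=(";",))
    parser.read(conf_path)
    for section in parser.sections():
        for option in PATH_OPTIONS:
            value = parser.get(section, option, fallback="")
            # Skip AUTO/NONE/syslog, relative paths and %(...)s expansions not resolved here.
            if not os.path.isabs(value) or "%(" in value:
                continue
            if os.path.islink(value):
                findings.append((value, "path is a symlink"))
            # Only the immediate parent is checked; a stricter audit walks every ancestor.
            parent = os.path.dirname(value)
            if os.path.isdir(parent) and os.stat(parent).st_mode & 0o022:
                findings.append((value, "parent directory writable by group/other"))
    return findings

def demo():
    """Build a constructed config in a temp dir and audit it (sample data, not from the page)."""
    root = tempfile.mkdtemp()
    shared, private = os.path.join(root, "shared"), os.path.join(root, "private")
    for path, mode in ((shared, 0o777), (private, 0o700)):
        os.mkdir(path)
        os.chmod(path, mode)
    link = os.path.join(private, "app.err")
    os.symlink(os.path.join(private, "elsewhere"), link)
    conf = os.path.join(root, "supervisord.conf")
    with open(conf, "w") as f:
        f.write("[supervisord]\n"
                f"logfile={private}/supervisord.log ; fine\n"
                f"pidfile={shared}/supervisord.pid\n"
                f"[program:app]\nstdout_logfile=AUTO\nstderr_logfile={link}\n")
    os.chmod(conf, 0o644)
    return [(os.path.relpath(p, root), why) for p, why in audit(conf)]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

To audit a real installation, call `audit()` with the path to the configuration file.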