
== Problem: Security risks in preforking. ==  #???

Situation:

  Rainbow implements some pre-fork() module-loading in order to cache the
  results of several expensive computations performed by all Python activities.

  Rainbow needs to run as uid-0 while loading this code in order to be able to
  call setuid() later.

  Rainbow needs to handle pass some tainted data to this codebase.

Thoughts:

  * $LANG is one obvious trouble spot but there are probably several others.

  * Scott suggests that there may be a PAM module helpful for cleaning tainted
    environment data.

