Steve Dower <steve.do...@python.org> added the comment:

> A compromise would be to refuse to start on "python3 -I directory" to remain 
> secure

What would that achieve, considering that "python3 -I directory/__main__.py" 
would let you start with exactly the same sys.path?[*]

The only change that might be of any value would be to resolve the path as 
early as possible so that an absolute path is added to sys.path[0]. 

Not adding the directory of the startup script is a breaking change with no 
security benefits -- it has to stay there. -I is not a protection against 
command-line arguments.

[*] On Windows, using the filename seems to resolve the directory while using 
just the directory name does not. I'm not sure why they aren't identical, and 
obviously I think they should be, but I'd expect the initialization work to 
streamline it (when getpath.c becomes sensible).

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32324>
_______________________________________
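To see what a given interpreter does with the two invocations compared in the comment above, the following probe (an added example, not part of the original message or of CPython) runs a constructed `__main__.py` under `-I` both as a directory and as a file path and records `sys.path[0]` in each case. The directory name `app`, the module name `probe_sibling_mod` and the helper names are assumptions made for the example.

```python
import json
import os
import subprocess
import sys
import tempfile

# Constructed __main__.py: reports sys.path[0] and whether a module that
# lives next to it (hypothetical name probe_sibling_mod) can be imported.
MAIN_SRC = """\
import json, sys
try:
    import probe_sibling_mod
    ok = True
except ImportError:
    ok = False
print(json.dumps({"path0": sys.path[0], "sibling_importable": ok}))
"""


def probe(target, cwd):
    """Run `python -I <target>` from cwd and return what the child saw."""
    out = subprocess.run([sys.executable, "-I", target], cwd=cwd,
                         capture_output=True, text=True, check=True).stdout
    info = json.loads(out)
    info["path0_is_absolute"] = os.path.isabs(info["path0"])
    # Resolve a relative sys.path[0] against the launch directory.
    info["path0_resolved"] = os.path.realpath(os.path.join(cwd, info["path0"]))
    return info


def compare_invocations():
    """Return (real app dir, result for 'app', result for 'app/__main__.py')."""
    with tempfile.TemporaryDirectory() as cwd:
        app = os.path.join(cwd, "app")
        os.mkdir(app)
        with open(os.path.join(app, "__main__.py"), "w") as f:
            f.write(MAIN_SRC)
        with open(os.path.join(app, "probe_sibling_mod.py"), "w") as f:
            f.write("")
        as_dir = probe("app", cwd)
        as_file = probe(os.path.join("app", "__main__.py"), cwd)
        return os.path.realpath(app), as_dir, as_file


if __name__ == "__main__":
    app_dir, as_dir, as_file = compare_invocations()
    print("app dir           :", app_dir)
    print("-I app            :", as_dir)
    print("-I app/__main__.py:", as_file)
```

The file-path result depends on the interpreter version: from CPython 3.11 onward `-I` implies `-P`, which stops the script's directory from being prepended, while the directory form still places the directory at `sys.path[0]`.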