New submission from Antoine Pitrou <pit...@free.fr>:

Python supports a mode where the interpreter ignores environment variables such as PYTHONPATH, etc.
However, there are places in the stdlib where environment-sensitive decisions are made, without regard for the ignore-environment flag. Examples include:

- ssl.get_default_verify_paths() queries SSL_CERT_FILE and SSL_CERT_DIR
- shutil.which() queries PATH
- the tempfile module queries TMPDIR, TEMP, TMP to select the default directory for temporary files

Do you think those need to be sanitized?

----------
components: Library (Lib)
messages: 313393
nosy: alex, christian.heimes, pitrou
priority: normal
severity: normal
status: open
title: Review usage of environment variables in the stdlib
type: security
versions: Python 3.6, Python 3.7, Python 3.8

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue33019>
_______________________________________
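The behaviour described in the report can be checked with the following added example (not part of the original message or of CPython): it starts a child interpreter with `-E` and constructed values for TMPDIR, PATH, SSL_CERT_FILE and PYTHONPATH, then reports which of them the stdlib calls still followed. The name `probe-tool`, the directory layout and a POSIX system are assumptions.

```python
import json
import os
import subprocess
import sys
import tempfile

# Runs inside the child interpreter, which is started with -E.
PROBE = """
import json, shutil, sys, tempfile
try:
    import ssl
    cafile = ssl.get_default_verify_paths().cafile
except ImportError:  # build without the ssl module
    cafile = None
print(json.dumps({
    "ignore_environment": sys.flags.ignore_environment,
    "pythonpath_used": any(p.endswith("ignored") for p in sys.path),
    "tempdir": tempfile.gettempdir(),
    "which": shutil.which("probe-tool"),
    "cafile": cafile,
}))
"""

def probe_with_ignore_environment():
    """Return (constructed values, what a `python -E` child resolved)."""
    with tempfile.TemporaryDirectory() as root:
        tmpdir = os.path.join(root, "tmp")
        bindir = os.path.join(root, "bin")
        os.mkdir(tmpdir)
        os.mkdir(bindir)
        tool = os.path.join(bindir, "probe-tool")  # constructed executable
        with open(tool, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(tool, 0o755)
        cafile = os.path.join(root, "ca.pem")      # empty placeholder file
        open(cafile, "w").close()
        env = dict(os.environ, TMPDIR=tmpdir, PATH=bindir,
                   SSL_CERT_FILE=cafile, PYTHONPATH=os.path.join(root, "ignored"))
        out = subprocess.run([sys.executable, "-E", "-c", PROBE], env=env,
                             check=True, capture_output=True, text=True).stdout
        expected = {"tempdir": tmpdir, "which": tool, "cafile": cafile}
        return expected, json.loads(out)

if __name__ == "__main__":
    expected, seen = probe_with_ignore_environment()
    for key, value in expected.items():
        status = "follows environment" if seen[key] == value else "not influenced"
        print(f"{key}: {seen[key]!r} ({status})")
```

PYTHONPATH is included as a contrast: it is the kind of variable `-E` does suppress, while the other three are read through `os.environ` by library code.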