Antoine Pitrou wrote:
> Hello,
>
> I don't think it has already been posted to the list, apologies if it has.
>
> Some Linux tools and vendors have been hit by an alleged "security hole" where
> an embedded Python interpreter will prepend the current working directory to
> sys.path as soon as PySys_SetArgv() is called by the embedding application.
> This means, for example, that a Python file in the working directory can break
> plugins or extensions written for that application if the Python file happens
> to shadow another module.
>
> Regardless of whether this is a security hole or not, it certainly can make
> things disturbingly surprising when the situation arises. In the bug report
> (http://bugs.python.org/issue5753), I suggested we add a new function
> PySys_SetArgvEx() which would take an additional parameter telling whether to
> touch sys.path or not (in the same spirit as Py_InitializeEx() providing a
> more flexible API than Py_Initialize()).
>
> On the other hand, I don't think we can change the default behaviour of
> PySys_SetArgv(), since there are probably tools and applications relying on it
> (the obvious use case which comes to my mind is a third-party interactive
> interpreter).
>
> Any opinions?

yes! Actually, i wanted to propose and implement something like this back when this vulnerability appeared, but i never got to it.

I'd propose to create a whole new function, called, say, PySys_FillArgv() (no, i don't think that's a very good name) that would -only- fill sys.argv and not touch sys.path. In addition to that, there would be a function like PySys_SetScriptPath() that would not fill sys.argv, but prepend the script's directory to sys.path.

Then i'd reimplement PySys_SetArgv as

    { PySys_FillArgv(); PySys_SetScriptPath(); }

And as a final killing step, i would never ever mention PySys_SetArgv anywhere but in its own documentation ;e) And especially not in the first page of "Embedding Python".

My rationale is that the only application deliberately using PySys_SetArgv the way it's written is a Python interpreter. For that, it's desirable to have '.' in sys.path _when no script is being executed_. For *all other applications*, this makes no sense ;e)

regards
m.

> Regards
>
> Antoine.
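
The shadowing effect discussed in this thread, as an added Python illustration (not code from the thread or from CPython): it resolves a module name against a search path with and without the working directory prepended, and lists working-directory files that would win an import. The directory layout and the module name apphelper are constructed for the example.

```python
import importlib
import os
import tempfile
from importlib.machinery import PathFinder


def resolve(name, search_path):
    """Return the file a top-level import of `name` would load from search_path."""
    importlib.invalidate_caches()
    spec = PathFinder.find_spec(name, list(search_path))
    return spec.origin if spec else None


def shadowed_by_cwd(search_path, cwd):
    """List (module, cwd_file, intended_file) where a file in cwd wins the import."""
    # '' in sys.path means "current directory", so treat it like cwd itself.
    rest = [p for p in search_path
            if os.path.realpath(p or cwd) != os.path.realpath(cwd)]
    hits = []
    for entry in sorted(os.listdir(cwd)):
        name, ext = os.path.splitext(entry)
        if ext != ".py" or not name.isidentifier():
            continue
        intended = resolve(name, rest)  # what the application meant to import
        if intended is not None:
            hits.append((name, os.path.join(cwd, entry), intended))
    return hits


def demo():
    # Constructed layout: an application plugin directory and an unrelated
    # working directory that happens to contain a file with the same name.
    with tempfile.TemporaryDirectory() as root:
        plugins = os.path.join(root, "plugins")
        workdir = os.path.join(root, "workdir")
        for d in (plugins, workdir):
            os.mkdir(d)
            with open(os.path.join(d, "apphelper.py"), "w") as f:
                f.write("WHERE = %r\n" % os.path.basename(d))
        with_cwd = resolve("apphelper", [workdir, plugins])  # cwd prepended
        without_cwd = resolve("apphelper", [plugins])        # sys.path untouched
        hits = shadowed_by_cwd([workdir, plugins], workdir)
        return (os.path.basename(os.path.dirname(with_cwd)),
                os.path.basename(os.path.dirname(without_cwd)),
                [h[0] for h in hits])
```

Run inside an embedding application's interpreter, shadowed_by_cwd(sys.path, os.getcwd()) reports the modules whose import outcome depends on where the application was started.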