On 20 September 2016 at 12:12, אלעזר <elaz...@gmail.com> wrote:
> Moreover, being able to do it programmatically is a security risk, since it
> requires elevated privileges that I don't know how to drop, and most people
> will not think about doing, but a library implementation will.
>
> So if someone uses subprocess.run(), and the system asks the user for
> elevated privileges, a bug in later code can easily cause serious harm
> instead of failing. Yes, untrusted code should be sandboxed - but it isn't,
> more often than not.

It's not possible to gain elevated privileges without asking the user (certainly not on Windows, and I don't believe so on Unix). So what you're talking about is getting people used to the idea that running a script they grabbed off the internet would ask them to run it elevated, and they should agree. That sounds to me like a very dangerous lesson to be teaching.

(rwt gets round this by installing dependencies to a temporary location for the duration of the script. I *really* recommend that you look into it if you haven't already).

Paul
_______________________________________________
Python-ideas mailing list
Python-ideas@python.org
https://mail.python.org/mailman/listinfo/python-ideas
Code of Conduct: http://python.org/psf/codeofconduct/
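
The approach described in the reply above (dependencies placed in a temporary location for the duration of the script, with no elevation), sketched as an added example that is not part of the thread and is not rwt's own code. It assumes pip's --target option for the install step; the function names and the `installer` hook are hypothetical, and the "package" used in the demo is constructed so that it runs offline.

```python
import os
import subprocess
import sys
import tempfile


def pip_target_command(requirements, target):
    """pip command that installs into a plain directory instead of site-packages."""
    return [sys.executable, "-m", "pip", "install", "--quiet",
            "--target", target, *requirements]


def run_with_temp_deps(script_args, requirements=(), installer=None):
    """Run `python <script_args>` with dependencies that exist only for this run.

    `installer` is a hypothetical hook (a callable taking the target directory)
    that populates the directory without network access; otherwise pip is used.
    Returns (returncode, stdout, path_of_the_removed_directory).
    """
    with tempfile.TemporaryDirectory(prefix="tmpdeps-") as target:
        # The directory is private to the current user (mode 0700 on POSIX),
        # so neither the install nor the run needs elevated privileges.
        if installer is not None:
            installer(target)
        elif requirements:
            subprocess.run(pip_target_command(requirements, target), check=True)
        env = dict(os.environ)
        # Set PYTHONPATH in the child's environment only; the parent process
        # and the system site-packages are left untouched.
        env["PYTHONPATH"] = os.pathsep.join(
            p for p in (target, env.get("PYTHONPATH")) if p)
        proc = subprocess.run([sys.executable, *script_args], env=env,
                              capture_output=True, text=True)
    # Leaving the `with` block deleted the directory and everything in it.
    return proc.returncode, proc.stdout, target


def constructed_installer(target):
    # Constructed stand-in for a downloaded package, so the demo runs offline.
    with open(os.path.join(target, "fakedep.py"), "w") as fh:
        fh.write("VALUE = 42\n")


if __name__ == "__main__":
    print(run_with_temp_deps(["-c", "import fakedep; print(fakedep.VALUE)"],
                             installer=constructed_installer))
```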