On Tue, 29 Oct 2019 at 22:42, Steven D'Aprano <st...@pearwood.info> wrote:
> I expect that with a bit more thought I could come up with some more
> scenarios where the behaviour of Python programs could change in very
> surprising ways.

If you add a module with the same name as a stdlib module to sys.path,
current semantics are that the stdlib wins. The proposed semantics
would allow the added module to *add* functions (in effect). Consider
a malicious module that adds names that match common typos for stdlib
functions. Such a module could cause a typo in user code to trigger an
exploit, rather than simply failing. While unlikely to happen, this
has the potential to be a new security vulnerability.

Paul
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/SVLKWQBLIY5GZUCP7L4HW7TVUZLR7QAO/
Code of Conduct: http://python.org/psf/codeofconduct/

Reply via email to