On Wed, Oct 30, 2019 at 08:12:12AM +0000, Paul Moore wrote:
> On Tue, 29 Oct 2019 at 22:42, Steven D'Aprano <st...@pearwood.info> wrote:
> > I expect that with a bit more thought I could come up with some more
> > scenarios where the behaviour of Python programs could change in very
> > surprising ways.
>
> If you add a module with the same name as a stdlib module to sys.path,
> current semantics are that the stdlib wins.

I don't think so... shadowing of the stdlib by accident is a common problem.

https://www.reddit.com/r/Python/comments/hy2gr/beginner_trouble_using_urllib/
https://stackoverflow.com/questions/25476044/error-while-trying-to-import-socket

> The proposed semantics
> would allow the added module to *add* functions (in effect). Consider
> a malicious module that adds names that match common typos for stdlib
> functions. Such a module could cause a typo in user code to trigger an
> exploit, rather than simply failing. While unlikely to happen, this
> has the potential to be a new security vulnerability.

If an attacker can write files in sys.path, they've already won :-)

--
Steven

Python-ideas mailing list -- python-ideas@python.org
Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/TYK46OA6LQUTI32I6GBLDN47EVMBUUZ4/
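The accidental shadowing discussed in this message can be audited with a short check. This is an added example, not code from the thread or from CPython; `module_names_in` and `find_stdlib_shadows` are hypothetical helper names, and the fallback name set is a constructed sample for interpreters older than 3.10.

```python
import os
import sys
import sysconfig

# sys.stdlib_module_names exists on Python 3.10+; the fallback is a constructed sample.
STDLIB_NAMES = frozenset(getattr(sys, "stdlib_module_names",
                                 {"socket", "urllib", "random", "json", "email"}))

def module_names_in(directory):
    """Yield top-level importable names (modules and packages) in one directory."""
    try:
        entries = os.listdir(directory)
    except OSError:  # missing directory, zip archive entry, unreadable path
        return
    for entry in entries:
        full = os.path.join(directory, entry)
        if entry.endswith(".py") and os.path.isfile(full):
            yield entry[:-3]
        elif os.path.isfile(os.path.join(full, "__init__.py")):
            yield entry

def find_stdlib_shadows(search_path=None, stdlib_dir=None):
    """Return (name, directory, precedes_stdlib) for each stdlib name collision.

    precedes_stdlib is True when the directory is searched before the stdlib
    directory. Built-in and frozen modules are resolved before the path search,
    so a collision with one of those is reported but does not take effect.
    """
    search_path = list(sys.path if search_path is None else search_path)
    stdlib_dir = os.path.realpath(stdlib_dir or sysconfig.get_paths()["stdlib"])
    # An empty sys.path entry means the current working directory.
    real = [os.path.realpath(p or os.getcwd()) for p in search_path]
    stdlib_pos = real.index(stdlib_dir) if stdlib_dir in real else len(real)
    findings = []
    for pos, directory in enumerate(real):
        if directory == stdlib_dir:
            continue  # the stdlib itself is not a shadow
        for name in sorted(set(module_names_in(directory))):
            if name in STDLIB_NAMES:
                findings.append((name, directory, pos < stdlib_pos))
    return findings

if __name__ == "__main__":
    for name, directory, first in find_stdlib_shadows():
        status = "searched BEFORE stdlib" if first else "searched after stdlib"
        print(f"{name}: {directory} ({status})")
```

Run from a project directory, it lists files such as a local `socket.py` or `urllib.py` and whether they sit ahead of the standard library on the search path.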