[issue46601] macOS installer "Install Certificates.command" fails if pip is not installed
Chris Drake added the comment: So it looks like a dependency error in the installer then? It obviously makes no sense for pip to required before the python installer can work - chicken-and-egg issue - the installer should install what it needs of course, which I guess includes pip if that's really needed at this stage... -- ___ Python tracker <https://bugs.python.org/issue46601> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue46601] Instructions do not work
New submission from Chris Drake : See https://github.com/python/pythondotorg/issues/1774#issuecomment-1025250329 -- components: macOS messages: 412257 nosy: cryptophoto, ned.deily, ronaldoussoren priority: normal severity: normal status: open title: Instructions do not work versions: Python 3.11 ___ Python tracker <https://bugs.python.org/issue46601> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue42472] security hole in eval()
Chris Drake added the comment: The specification specifically allows for the restriction of access to globals via the second argument to eval. While Christian and Victor make interesting, albeit suicidal, comments and references to other efforts, the fact remains that this is a violation of the standard, and is an exploitable security issue. It's worth noting that the 1980's are long over now - people take security seriously these days, even when it's inconvenient. The fix seems ridiculously trivial for what it's worth; introduce a flag that honors the intent of the second argument. -- ___ Python tracker <https://bugs.python.org/issue42472> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue42472] security hole in eval()
New submission from Chris Drake :
This should not work:-
python3.7 -c
'print(eval("().__class__.__base__.__subclasses__()[-1].__init__.__globals__",{"__builtins__":
{}},{"__builtins__": {}}))'
and should be properly fixed.
--
messages: 381892
nosy: cryptophoto
priority: normal
severity: normal
status: open
title: security hole in eval()
type: security
versions: Python 3.7
___
Python tracker
<https://bugs.python.org/issue42472>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue40526] documentation bad on asyncio
New submission from Chris Drake :
> The sample on this page is not demonstrating anything asynchronous:
> https://docs.python.org/3/library/asyncio.html
Put something that is relevant please. e.g.
import asyncio
import time
async def say_after(delay, what):
await asyncio.sleep(delay)
print(what)
async def main():
print(f"started at {time.strftime('%X')}")
await say_after(2, 'world')
await say_after(1, 'hello')
print(f"finished at {time.strftime('%X')}")
asyncio.run(main())
--
components: asyncio
messages: 368223
nosy: asvetlov, cnd, yselivanov
priority: normal
severity: normal
status: open
title: documentation bad on asyncio
versions: Python 3.9
___
Python tracker
<https://bugs.python.org/issue40526>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
