[issue16202] sys.path[0] security issues
Jeroen Demeyer
report at bugs.python.org
Fri Oct 12 09:32:54 CEST 2012
Jeroen Demeyer added the comment:
Robert: I don't think that running scripts in /tmp is inherently unsafe. It is Python's sys.path handling which makes it unsafe. That being said, I am not against distutils being "fixed" but I do think the root issue should be fixed.
And of course you're right about complicated permission checking and ACLs and what not. But I think my patch does the Right Thing in 99% of the cases, in particular for /tmp. I tried to err on the safe side.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue16202>
_______________________________________
More information about the Python-bugs-list
mailing list