[issue38722] runpy should use io.open_code() instead of open()
Steve Dower
report at bugs.python.org
Mon Nov 18 14:10:40 EST 2019
Steve Dower <steve.dower at python.org> added the comment:
It's a security issue because Python 3.8 says it will open files to be executed with io.open_code() instead of open(). This allows a way to bypass that.
That said, this appears to be a fallback case, so I'm not hugely concerned. I haven't quite figured out why it would fall back here (that involved reading the pkgutil sources ;) ).
I would vote for backporting to 3.8.1, but if Tal wants to push back and nobody else has an opinion then whatever.
----------
nosy: +christian.heimes
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue38722>
_______________________________________
More information about the Python-bugs-list
mailing list