[Python-Dev] Extending startup code: PEP needed?
M.-A. Lemburg
mal@lemburg.com
Mon, 08 Jan 2001 16:26:21 +0100
"Martin v. Loewis" wrote:
>
> Authors of extension packages often find the need to auto-import some
> of their modules. This is often needed for registration, e.g. a codec
> author (like Tamito KAJIYAMA, who wrote the JapaneseCodecs package)
> may need to register a search function with codecs.register. This is
> currently only possible by writing into sitecustomize.py, which must
> be done by the system administrator manually.
>
> To enhance the service of site.py, I've written the patch
>
> http://sourceforge.net/patch/?func=detailpatch&patch_id=103134&group_id=5470
>
> which treats lines in PTH files which start with "import" as
> statements and executes them, instead of appending these lines to
> sys.path.
>
> The patch is relatively small, but since it is an extension: Do I need
> to write a PEP for it?
Just curious: wouldn't this introduce a /tmp-style problem to
Python ?
The scenario is quite simple: a Python script runs under root.
The script could pick up a lingering .pth file (e.g. from /tmp
or one of its subdirs -- distutils does this !) and then executes
arbitrary code as *root*.
--
Marc-Andre Lemburg
______________________________________________________________________
Company: http://www.egenix.com/
Consulting: http://www.lemburg.com/
Python Pages: http://www.lemburg.com/python/