[Python-Dev] Use ptyhon -s as default shbang for system python executables/daemons

[Victor Stinner]

2015-03-18 16:46 GMT+01:00 Orion Poplawski <orion at cora.nwra.com>:
> We're starting a discussion in Fedora about setting the default shbang for
> system python executables and/or daemons to python -s or python -Es (or ?).

Python 3.4 has -I which is more strict than -Es.

It remembers me "Perl suid", /usr/bin/sperl. Maybe we should have a
"spython" program which is like "python -I" (so it means adding
spython, spython3, spython3.5).

Does it work to pass command line options to Python in the shebang?

> Basically we're wanting to avoid locally installed items causing security
> issues or other bad behavior, without too adversely affecting users'
> abilities to work around issues or intentionally alter behavior.
>
> It would be good to get some feedback from the broader python community
> before implementing anything, so I'm asking for feedback here.

Personally, instead of having to enable a switch to have a safe
Python, I would prefer to have a safe Python by default and enable an
option to enter the unsafe mode.

But it may break backward compatibility depending on changes made in
Python if we take this way.

Victor