[Pythonmac-SIG] Round 2 with Leopard+Python
Boyd Waters
boydwaters at mac.com
Fri Nov 2 21:59:53 CET 2007
One work-around is to add this line to /etc/sudoers:
Defaults env_keep += "PYTHONPATH"
But that would involve editing a file in /etc as root.
Straightforward enough, but likely to get overwritten and what if the
user screws this up?
So Plan B -
what if you added something in a .pth file in /Library/Python/2.5/
site-packages that re-orders the sys.path?
Wouldn't that always work?
On Nov 2, 2007, at 2:49 PM, Boyd Waters wrote:
>
> On Nov 2, 2007, at 10:16 AM, Brian Granger wrote:
>
>> First, if you have set PYTHONPATH to point
>> sys.path at the site-packages in /Library, this setting will be lost
>> when you do:
>>
>> sudo python setup.py install
>
>
> Ouch, another good one...
>
> This is almost certainly not a bug, but rather a security feature.
>
>> The administrator can add a line to the sudoers file:
>>
>> Defaults env_reset
>>
>> that will reset the environment to only contain the variables
>> HOME, LOGNAME,
>> PATH, SHELL, TERM, and USER, preventing this attack.
>
>
>
More information about the Pythonmac-SIG
mailing list