[issue16202] sys.path[0] security issues
Nick Coghlan
report at bugs.python.org
Sat Sep 10 04:15:06 EDT 2016
Nick Coghlan added the comment:
Reviewing the issue, I think there's still an open question regarding the way distutils handles generated script execution that may impact setuptools as, so adding Jason to the nosy list.
For the "don't set sys.path[0] by default" aspect, we would need a different executable that uses more paranoid defaults, which would be contingent on the PEP 432 startup refactoring landing for 3.7 (as too much behaviour is currently embedded inside Py_Main for alternate defaults to be reasonably maintained).
----------
nosy: +jason.coombs
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue16202>
_______________________________________
More information about the Python-bugs-list
mailing list