[Python-Dev] Extending startup code: PEP needed?
Guido van Rossum
guido@python.org
Mon, 08 Jan 2001 14:36:02 -0500
> Still, wouldn't it be wise to add some logic to Python to prevent
> importing untrusted modules, e.g. by making sys.path read-only and
> disabling the import hook usage using a command line ?
>
> This would at least prevent the most obvious attacks. I wonder how
> RedHat works around these problems.
I don't understand what kind of attacks you are thinking of. What
would making sys.path read-only prevent? You seem to be thinking that
some malicious piece of code could try to subvert you by setting
sys.path. But what you forget is that if this piece of code cannot be
trusted wiuth sys.path, it should not be trusted to run at all!
--Guido van Rossum (home page: http://www.python.org/~guido/)