[Python-Dev] Python 2.7.7. on Windows

Steven D'Aprano steve at pearwood.info
Tue Apr 29 05:52:52 CEST 2014


On Tue, Apr 29, 2014 at 12:07:00PM +0900, Stephen J. Turnbull wrote:
> Mike Miller writes:
> 
>  > Microsoft's guidelines on where to install software are clear, and
>  > don't make exceptions that "tools" should be installed to the root
>  > of the drive to bypass file system permissions, for convenience.
> 
> But there's the rub.  In this case, Microsoft doesn't have *security*,
> it has "guidelines".  They are *still* guidelines, not security,
> *exactly* because it's convenient for somebody.  The fact that taking
> advantage of that convenience has the side effect of bypassing
> filesystem permissions is unfortunate (and a bug in Windows IMO).
> 
> Note that if users actually paid attention to these guidelines, we'd
> be getting complaints from *them*, not from you.  I don't recall ever
> seeing that.  That implies that "normal users" will install anything
> anywhere anyway.

I don't think that argument is terribly useful. If people waited for 
"normal users" to complain before doing something about Heartbeat, we'd 
be in a pretty pickle. "Normal users" don't understand the technology 
well enough to have a valid threat model or judge the consequences, and 
they are confused by a mixture of ignorance, misinformation and hype. 
It's up to technical users to lead, not to follow.


> If it's that unimportant to Microsoft, 

I think that's unfair. I'm not a MS fan, not even close. I think their 
business practices in the past have been reprehensible. But if there is 
anyone who takes backwards-compatibility even more seriously than 
Python-Dev, it is them. You should give them the courtesy of assuming 
that their decision is not based on apathy, but on *exactly* the same 
reasoning that *you* apply below:

> I see insufficient reason why
> we should risk confusing those "normal users" who already have Python
> 2.7 installed (and as pointed out, they *are* at risk precisely
> because the proposal changes the default install location).

And thus security vulnerabilities never get fixed :-)

I don't have an opinion on the importance or magnitude of this security 
vulnerability, the risk of confusion, or whether it should be fixed or 
not. But I wonder why the installer is ignoring the OS's guidelines for 
where software should be installed? If this were Apple we were talking 
about, would we ignore their guidelines? Or on Linux, would we blithely 
install Python in / instead of (say) /usr/local/bin? I don't think so. I 
would have thought that the mere fact that Microsoft disapproves of 
installing applications into the root should be good enough reason to 
not do it. In the absence of an extremely compelling reason not to do 
so, we should be a "good citizen" regardless of the OS.



-- 
Steven

