[Python-ideas] CLI option for isolated mode
M.-A. Lemburg
mal at egenix.com
Fri Nov 9 09:19:04 CET 2012
On 08.11.2012 23:13, Christian Heimes wrote:
> Hi everybody,
>
> I'd like to propose a new option for the Python interpreter:
>
> python -I
>
> It shall start the interpreter in isolated mode which ignores any
> environment variables set by the user and any files installed by the
> user. The mode segregates a Python program from anything an unprivileged
> user is able to modify and uses only files that are installed by a
> system administrator.
>
> The isolated mode implies -E (ignore all PYTHON* environment vars) and
> -s (don't add user site directory). It also refrains from the inclusion
> of '' or getcwd() to sys.path. TKinter doesn't load and execute Python
> scripts from the user's home directory. Other parts of the stdlib should
> be checked, too.
>
> The option is intended for OS and application scripts that don't want
> to become affected by user installed files or files in the current
> working path of a user.
>
> The idea is motivated by a couple of bug reports, for example:
>
> https://bugs.launchpad.net/bugs/938869 lsb_release crashed with SIGABRT
> in Py_FatalError()
>
> http://bugs.python.org/issue16202 sys.path[0] security issues
>
> http://bugs.python.org/issue16248 Security bug in tkinter allows for
> untrusted, arbitrary code execution.

Sounds like a good idea. I'd be interested in this, because it would
make debugging user installation problems easier.

The only thing I'm not sure about is the option character "-I". It
reminds me too much of the -I typically used for include paths
in C compilers :-)

BTW: In order to have Python applications respect this flag, there
should be an easy way to access this flag in Python programs, e.g.
sys.ignore_user_env.

--
Marc-Andre Lemburg
eGenix.com
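
Added example, not part of the original thread: the `-I` option proposed above was later implemented in CPython 3.4, which also exposes the flag to programs as `sys.flags.isolated`. The script below checks, from a defender's side, that a child interpreter started with `-I` no longer sees a module in the current working directory or one reachable through `PYTHONPATH`; the module names `probe_cwd_mod` and `probe_env_mod` and the helper `probe()` are constructed for this illustration.

```python
import json
import os
import subprocess
import sys
import tempfile

# Code run in the child: report which constructed probe modules are importable.
CHILD = (
    "import importlib.util, json, sys\n"
    "found = lambda n: importlib.util.find_spec(n) is not None\n"
    "print(json.dumps({'isolated': bool(sys.flags.isolated),\n"
    "                  'cwd_module': found('probe_cwd_mod'),\n"
    "                  'env_module': found('probe_env_mod'),\n"
    "                  'cwd_on_path': '' in sys.path}))\n"
)


def probe(isolated):
    """Start a child interpreter (with or without -I) and return what it can see."""
    with tempfile.TemporaryDirectory() as cwd, \
            tempfile.TemporaryDirectory() as extra:
        # Constructed, harmless stand-ins for files an unprivileged user controls.
        for directory, name in ((cwd, "probe_cwd_mod"), (extra, "probe_env_mod")):
            with open(os.path.join(directory, name + ".py"), "w") as fh:
                fh.write("MARKER = 'user-controlled'\n")
        env = dict(os.environ, PYTHONPATH=extra)
        # Assumption: compare against the default behaviour, so drop a
        # safe-path setting inherited from the parent environment.
        env.pop("PYTHONSAFEPATH", None)
        cmd = [sys.executable] + (["-I"] if isolated else []) + ["-c", CHILD]
        result = subprocess.run(cmd, cwd=cwd, env=env, check=True,
                                capture_output=True, text=True)
        return json.loads(result.stdout)


if __name__ == "__main__":
    for mode in (False, True):
        print("isolated" if mode else "default ", probe(mode))
```
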