[Python-Dev] disable writing .py[co]

Michael Hudson mwh@python.net
21 Jan 2003 13:54:07 +0000


Skip Montanaro <skip@pobox.com> writes:

>     Michael> The idea of writing .pycs to a world writable area (say /tmp)
>     Michael> on a multi-user system sounds like a Bad Thing.
>
> As I mentioned in my original note, you'd prepend PYCROOT to the .py file and append 'c' to create a filename for the .pyc file. If socket.py was found in /usr/lib/python2.3/socket.py and PYCROOT was set to /tmp, you'd try to read from/write to /tmp/usr/lib/python2.3/socket.pyc. The only requirement on PYCROOT would be that /tmp would have to exist. The user wouldn't be responsible for creating the full directory tree underneath /tmp.

Nooo, it was the security implications that bothered me.

I'm still somewhat confused by the need for this change beyond coping with dubious installations that shouldn't be our problem.

Cheers, M.

-- surely, somewhere, somehow, in the history of computing, at least one manual has been written that you could at least remotely attempt to consider possibly glancing at. -- Adam Rixey
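
Added example, not part of the original message or of any Python release: a sketch of the PYCROOT path mapping described in the quoted text, with a check for the multi-user concern raised in the reply. The names pyc_path and unsafe_components are hypothetical, and the policy (every existing directory must be owned by the current user or root, must not be group/world writable, and must not be a symlink) is an assumption about what a safe cache tree looks like.

```python
import os
import stat
import tempfile


def pyc_path(pycroot, py_file):
    """Prepend pycroot to the absolute .py path and append 'c'."""
    return os.path.join(pycroot, os.path.abspath(py_file).lstrip(os.sep)) + "c"


def unsafe_components(pycroot, target, trusted_uids=None):
    """List existing directories between pycroot and target that another
    local user owns or can write to (assumed policy, see lead-in)."""
    if trusted_uids is None:
        trusted_uids = {0, os.getuid()}
    rel = os.path.relpath(os.path.dirname(target), pycroot)
    dirs = [pycroot]
    for part in ([] if rel == "." else rel.split(os.sep)):
        dirs.append(os.path.join(dirs[-1], part))
    problems = []
    for d in dirs:
        try:
            st = os.lstat(d)  # lstat: do not follow a planted symlink
        except FileNotFoundError:
            break  # nothing below this point exists yet
        if stat.S_ISLNK(st.st_mode):
            problems.append((d, "symlink"))
        elif st.st_uid not in trusted_uids:
            problems.append((d, "owned by another user"))
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((d, "group/world writable"))
    return problems


if __name__ == "__main__":
    # Constructed demo: a private root, then a pre-created, world-writable "usr".
    root = tempfile.mkdtemp()
    target = pyc_path(root, "/usr/lib/python2.3/socket.py")
    print(target, unsafe_components(root, target))
    os.mkdir(os.path.join(root, "usr"))
    os.chmod(os.path.join(root, "usr"), 0o777)
    print(unsafe_components(root, target))
```

An interpreter that refused to read or write a .pyc whenever this list is non-empty would fall back to compiling from source, which is the behaviour a shared root such as /tmp (itself world writable) would trigger on every import.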