[Python-Dev] PEP 370, open questions (original) (raw)

Jean-Paul Calderone exarkun at divmod.com
Thu Jan 17 12:35:37 CET 2008

• Previous message: [Python-Dev] PEP 370, open questions
• Next message: [Python-Dev] PEP 370, open questions
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 17 Jan 2008 08:55:51 +0100, Christian Heimes <lists at cheimes.de> wrote:

* Should the site package directory also be ignored if process gid != effective gid?

If it should, I think the PEP should explain the attack this defends against in more detail. The current brief mention of "security issues" is a bit hand-wavey. For example, what is the relationship between security, this feature, and the PYTHONPATH environment variable? Isn't the attack of putting malicious code into a user site-packages directory the same as the attack of putting it into a directory in PYTHONPATH?

Jean-Paul

• Previous message: [Python-Dev] PEP 370, open questions
• Next message: [Python-Dev] PEP 370, open questions
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list