[Python-Dev] PEP: per user site-packages directory (original) (raw)
Christian Heimes lists at cheimes.de
Mon Jan 21 13:09:51 CET 2008
- Previous message: [Python-Dev] #! magic
- Next message: [Python-Dev] PEP: per user site-packages directory
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jan Claeys wrote:
There should be a way for distro developers to make sure the users local 'site-packages' is not used when running those tools.
I'd rather have to set/uncomment an environment variable on my system than having 100 "normal" users break their systems accidentally... ;-)
"#!/usr/bin/env python -E -s" doesn't work on most Unices. [1] I came up with two possible solutions. Both depend on a new 'paranoid' flag -P which disables several features like PYTHON* env vars, inspect interactively, user site directory and the '' in sys.path.
Create a new, minimal Python executable which sets Py_ParanoidFlag to a true value and calls Py_Main(). The new executable is to be named pythons2.x (python secure).
Add a new source flag "# -- py-paranoid --" which must be in the second or third line of a script. Modules/main.c:Py_Main() checks for the flag around line 430.
A rough Python version of the C code could look like:
def find_paranoid(fname): if not os.path.isfile(fname): return data = open(fname).read(4096) if not data.startswith("#!"): return for i in (1, 2): data = data[data.find('\n'):] if data.startswith("# -- py-paranoid --"): return True return False
Christian
[1] Cygwin discussion thread about #! env http://www.cygwin.com/ml/cygwin/2002-02/msg00657.html/
- Previous message: [Python-Dev] #! magic
- Next message: [Python-Dev] PEP: per user site-packages directory
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]