[Python-Dev] PEP 476: Enabling certificate validation by default! (original) (raw)
Antoine Pitrou solipsis at pitrou.net
Mon Sep 1 15:34:30 CEST 2014
- Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, 1 Sep 2014 23:24:39 +1000 Chris Angelico <rosuav at gmail.com> wrote:
On Mon, Sep 1, 2014 at 10:41 PM, Antoine Pitrou <antoine at python.org> wrote: > Not sure why. Just put another module named "ssl" in sys.modules directly. > You can also monkeypatch the genuine ssl module.
That has to be done inside the same process. But imagine this scenario: You have a program that gets invoked as root (or some other user than yourself), and you're trying to fiddle with what it sees. You don't have root access, but you can manipulate the file system, to the extent that your userid has access. What can you do to affect this other program?
If you're root you shouldn't run untrusted code. See https://docs.python.org/3/using/cmdline.html#cmdoption-I
Regards
Antoine.
- Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]