[Python-Dev] PEP 476: Enabling certificate validation by default!

Chris Angelico rosuav at gmail.com
Mon Sep 1 15:42:10 CEST 2014


On Mon, Sep 1, 2014 at 11:34 PM, Antoine Pitrou <solipsis at pitrou.net> wrote:

> On Mon, 1 Sep 2014 23:24:39 +1000 Chris Angelico <rosuav at gmail.com> wrote:
>
>> On Mon, Sep 1, 2014 at 10:41 PM, Antoine Pitrou <antoine at python.org> wrote:
>> > Not sure why. Just put another module named "ssl" in sys.modules directly.
>> > You can also monkeypatch the genuine ssl module.
>>
>> That has to be done inside the same process. But imagine this scenario: You have a program that gets invoked as root (or some other user than yourself), and you're trying to fiddle with what it sees. You don't have root access, but you can manipulate the file system, to the extent that your userid has access. What can you do to affect this other program?
>
> If you're root you shouldn't run untrusted code. See https://docs.python.org/3/using/cmdline.html#cmdoption-I

Right, which is why sslcustomize has to be controlled by that, but the possibility of patching (or monkeypatching) ssl.py isn't as big a deal.

ChrisA
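
A defender's check for the file-system scenario discussed in this message, as an added example that is not part of the original post or of CPython: it reports which file `import ssl` would resolve to on a given search path and whether that file sits inside the interpreter's standard library. The function names and the temporary directory with its placeholder `ssl.py` are constructed for illustration; isolated mode (`-I`) matters here because it keeps the script directory and the user site-packages directory off `sys.path`.

```python
import os
import sys
import sysconfig
import tempfile
from importlib.machinery import PathFinder

# Directory the interpreter's own standard library was installed into.
STDLIB_DIR = os.path.realpath(sysconfig.get_paths()["stdlib"])


def resolve_origin(name, search_path):
    """Return the file `import name` would load from search_path, without importing it."""
    spec = PathFinder.find_spec(name, list(search_path))
    if spec is None or spec.origin is None:
        return None
    return os.path.realpath(spec.origin)


def is_stdlib_origin(origin):
    """True if origin lies inside the standard library directory."""
    if origin is None:
        return False
    return os.path.commonpath([origin, STDLIB_DIR]) == STDLIB_DIR


def audit(name, search_path):
    """Summarise where a module would come from and whether that location is trusted."""
    origin = resolve_origin(name, search_path)
    return {
        "module": name,
        "origin": origin,
        "trusted": is_stdlib_origin(origin),
        "isolated": bool(sys.flags.isolated),  # set when the interpreter runs with -I
    }


def demo():
    """Constructed scenario: a directory another user can write to precedes the stdlib."""
    with tempfile.TemporaryDirectory() as writable_dir:
        with open(os.path.join(writable_dir, "ssl.py"), "w") as fh:
            fh.write("# constructed placeholder standing in for a planted ssl.py\n")
        shadowed = audit("ssl", [writable_dir, STDLIB_DIR])
        clean = audit("ssl", [STDLIB_DIR])
    return shadowed, clean


if __name__ == "__main__":
    for report in demo():
        print(report)
```

Calling `audit("ssl", sys.path)` at the start of a privileged program applies the same check to the path that process actually uses.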


