[Python-Dev] PEP 476: Enabling certificate validation by default! (original) (raw)

Donald Stufft donald at stufft.io
Mon Sep 1 18:48:23 CEST 2014

On Sep 1, 2014, at 11:35 AM, Nick Coghlan <ncoghlan at gmail.com> wrote:

On 2 Sep 2014 00:59, "Antoine Pitrou" <solipsis at pitrou.net <mailto:solipsis at pitrou.net>> wrote: > > On Tue, 2 Sep 2014 00:53:11 +1000 > Nick Coghlan <ncoghlan at gmail.com <mailto:ncoghlan at gmail.com>> wrote: > > > > > > To be frank I don't understand what you're arguing about. > > > > When I said "shadowing ssl can be tricky to arrange", Chris correctly > > interpreted it as referring to the filesystem based privilege escalation > > scenario that isolated mode handles, not to normal in-process > > monkeypatching or module injection. > > There's no actual difference. You can have a sitecustomize.py that does > the monkeypatching or the shadowing. There doesn't seem to be anything > "tricky" about that. Oh, now I get what you mean - yes, sitecustomize already poses the same kind of problem as the proposed sslcustomize (hence the existence of the related command line options). I missed that you had switched to talking about using that attack vector, rather than trying to shadow stdlib modules directly through the filesystem (which is the only tricky thing I was referring to). Cheers, Nick.

Python-Dev mailing list Python-Dev at python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/donald%40stufft.io

Or you can just install something with easy_install, or you can drop a .pth file and monkey patch there. You can’t stop people from overriding modules, it’s trivial to do. The sys.path ordering just makes it slightly less trivial.

— Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20140901/c24dce42/attachment-0001.html>

More information about the Python-Dev mailing list