"Martin v. Loewis" wrote: > > Authors of extension packages often find the need to auto-import some > of their modules. This is often needed for registration, e.g. a codec > author (like Tamito KAJIYAMA, who wrote the JapaneseCodecs package) > may need to register a search function with codecs.register. This is > currently only possible by writing into sitecustomize.py, which must > be done by the system administrator manually. > > To enhance the service of site.py, I've written the patch > > http://sourceforge.net/patch/?func=detailpatch&patch_id=103134&group_id=5470 > > which treats lines in PTH files which start with "import" as > statements and executes them, instead of appending these lines to > sys.path. > > The patch is relatively small, but since it is an extension: Do I need > to write a PEP for it? Just curious: wouldn't this introduce a /tmp-style problem to Python ? The scenario is quite simple: a Python script runs under root. The script could pick up a lingering .pth file (e.g. from /tmp or one of its subdirs -- distutils does this !) and then executes arbitrary code as *root*. -- Marc-Andre Lemburg ______________________________________________________________________ Company: http://www.egenix.com/ Consulting: http://www.lemburg.com/ Python Pages: http://www.lemburg.com/python/
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4