Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2008-January/076243.html below:

[Python-Dev] PEP 370, open questions

• Previous message: [Python-Dev] PEP 370, open questions
• Next message: [Python-Dev] PEP 370, open questions
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 17 Jan 2008 08:55:51 +0100, Christian Heimes <lists at cheimes.de> wrote:
>
>* Should the site package directory also be ignored if process
>  gid != effective gid?

If it should, I think the PEP should explain the attack this defends
against in more detail.  The current brief mention of "security issues"
is a bit hand-wavey.  For example, what is the relationship between
security, this feature, and the PYTHONPATH environment variable?  Isn't
the attack of putting malicious code into a user site-packages directory
the same as the attack of putting it into a directory in PYTHONPATH?

Jean-Paul

• Previous message: [Python-Dev] PEP 370, open questions
• Next message: [Python-Dev] PEP 370, open questions
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4