On 2 Sep 2014 00:59, "Antoine Pitrou" <solipsis at pitrou.net> wrote: > > On Tue, 2 Sep 2014 00:53:11 +1000 > Nick Coghlan <ncoghlan at gmail.com> wrote: > > > > > > To be frank I don't understand what you're arguing about. > > > > When I said "shadowing ssl can be tricky to arrange", Chris correctly > > interpreted it as referring to the filesystem based privilege escalation > > scenario that isolated mode handles, not to normal in-process > > monkeypatching or module injection. > > There's no actual difference. You can have a sitecustomize.py that does > the monkeypatching or the shadowing. There doesn't seem to be anything > "tricky" about that. Oh, now I get what you mean - yes, sitecustomize already poses the same kind of problem as the proposed sslcustomize (hence the existence of the related command line options). I missed that you had switched to talking about using that attack vector, rather than trying to shadow stdlib modules directly through the filesystem (which is the only tricky thing I was referring to). Cheers, Nick. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20140902/0fa901b4/attachment.html>
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4