> On Sep 1, 2014, at 1:01 PM, Christian Heimes <christian at python.org> wrote:
>
> On 01.09.2014 17:35, Nick Coghlan wrote:
>> Oh, now I get what you mean - yes, sitecustomize already poses the same
>> kind of problem as the proposed sslcustomize (hence the existence of the
>> related command line options).
>
> If an attacker is able to place a module like sitecustomize.py in an
> import directory or any .pth file in a site-packages directory then this
> Python installation is compromised. .pth files are insidious because
> they are always loaded and their code is always executed. I don't see
> how sslcustomize is going to make a difference here.
>

Right, this is the point I was trying to make. If you’ve installed a malicious package it’s game over. There’s nothing Python can do to help you.

---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
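
An added example, not part of the original thread: a defensive audit that lists the startup hooks discussed above, namely `.pth` lines that the `site` module executes and any `sitecustomize.py` / `usercustomize.py` on the import path. The function names and the finding labels are hypothetical.

```python
"""Audit an interpreter for startup hooks that the site module runs automatically."""
import os
import site
import sys

HOOK_MODULES = ("sitecustomize.py", "usercustomize.py")


def executable_pth_lines(pth_path):
    """Return (line_number, text) for the lines of a .pth file that site.py exec()s."""
    hits = []
    with open(pth_path, encoding="utf-8-sig", errors="replace") as fh:
        for number, line in enumerate(fh, start=1):
            # site.py executes lines that start with "import" plus a space or tab;
            # other non-comment lines are only treated as paths for sys.path.
            if line.startswith(("import ", "import\t")):
                hits.append((number, line.rstrip()))
    return hits


def audit_directory(directory, site_dir=True):
    """Return findings for one directory; .pth files only count in site directories."""
    findings = []
    try:
        names = sorted(os.listdir(directory))
    except OSError:
        return findings  # missing, unreadable, or not a directory (e.g. a zip entry)
    for name in names:
        path = os.path.join(directory, name)
        if site_dir and name.endswith(".pth") and os.path.isfile(path):
            for number, text in executable_pth_lines(path):
                findings.append(("pth-exec", path, number, text))
        elif name in HOOK_MODULES:
            findings.append(("startup-module", path, 0, ""))
    return findings


def audit_installation():
    """Audit the running interpreter's site directories and the rest of sys.path."""
    site_dirs = list(site.getsitepackages()) + [site.getusersitepackages()]
    findings = []
    for directory in dict.fromkeys(site_dirs + [p for p in sys.path if p]):
        findings.extend(audit_directory(directory, directory in site_dirs))
    return findings


if __name__ == "__main__":
    for kind, path, number, text in audit_installation():
        print(f"{kind}\t{path}:{number}\t{text}")
```

Legitimate packages also ship executable `.pth` lines, so the output is a review list to compare against a known-good baseline rather than a verdict.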