On 10 May 2015 at 11:44, Chris Angelico <rosuav at gmail.com> wrote: > On Sun, May 10, 2015 at 4:13 AM, M.-A. Lemburg <mal at egenix.com> wrote: >> By providing a way to intentionally switch off the new default, >> we do make people aware of the risks and that's good enough, >> while still maintaining the contract people rightly expect of >> patch level releases of Python. > > Just as long as it's the sysadmin, and NOT some random attacker over > the internet, who has the power to downgrade security. Environment > variables can be attacked in various ways. They can, and the bash fun was very good evidence of that. OTOH if someones environment is at risk, PATH and PYTHONPATH are already very effective attack vectors. -Rob -- Robert Collins <rbtcollins at hp.com> Distinguished Technologist HP Converged Cloud
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4