On 1 September 2014 16:07, Paul Moore email@example.com wrote:
> On 31 August 2014 23:10, Nick Coghlan firstname.lastname@example.org wrote:
> > Assuming sslcustomize was in site-packages rather than the standard library directories, you would also be able to use virtual environments with an appropriate sslcustomize module to disable cert checking even if the application you were running didn't support direct configuration.
>
> Would this mean that a malicious package could install a custom sslcustomize.py and so add unwanted certs to the system? I guess we have to assume that installed packages are trusted, but I just wanted to be explicit.

Yes, it would have exactly the same security failure modes as sitecustomize, except it would only fire if the application imported the ssl module.
The "-S" and "-I" switches would need to disable the implied "sslcustomize", just as they disable "import site".
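
An added example, not part of the original message or of CPython: a small audit that lists the startup customization modules present on an import path, so an unexpected one dropped by an installed package can be spotted and hashed. `sitecustomize` and `usercustomize` are the existing hooks imported by `site`; `sslcustomize` is only the module proposed in this thread, and the function name `find_startup_hooks` is hypothetical.

```python
import hashlib
import os
import sys

# sitecustomize and usercustomize are real hooks imported by the site module.
# sslcustomize is only the module proposed in this thread; it is listed so the
# audit covers the scenario discussed, not because CPython imports it.
HOOK_NAMES = ("sitecustomize", "usercustomize", "sslcustomize")


def find_startup_hooks(search_dirs):
    """Return one record per hook module found, in import-path order.

    Only source forms are checked (package directory or .py file);
    extension modules and sourceless .pyc files are out of scope here.
    """
    found = []
    seen = set()
    for directory in search_dirs:
        for name in HOOK_NAMES:
            # Within one directory a package wins over a plain module.
            candidates = (
                os.path.join(directory, name, "__init__.py"),
                os.path.join(directory, name + ".py"),
            )
            for path in candidates:
                if not os.path.isfile(path):
                    continue
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                found.append({
                    "name": name,
                    "path": path,
                    "sha256": digest,
                    # The first hit on the path is the one an import would load;
                    # later copies are shadowed but still worth reviewing.
                    "active": name not in seen,
                })
                seen.add(name)
                break
    return found


if __name__ == "__main__":
    for hit in find_startup_hooks(sys.path):
        state = "active" if hit["active"] else "shadowed"
        print(f'{hit["name"]:14} {state:8} {hit["sha256"][:16]}  {hit["path"]}')
```

Run it with the same interpreter and virtual environment as the application being checked, since the result depends on that process's `sys.path`.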