On 08.11.2012 23:13, Christian Heimes wrote:
Hi everybody,
I like to propose a new option for the Python interpreter:
python -I
It shall start the interpreter in isolated mode which ignores any environment variables set by the user and any files installed by the user. The mode segregate a Python program from anything an unpriviliged user is able to modify and uses only files that are installed by a system adminstrator.
The isolated mode implies -E (ignore all PYTHON* environment vars) and -s (don't add user site directory). It also refrains from the inclusion of '' or getcwd() to sys.path. TKinter doesn't load and execute Python scripts from the user's home directory. Other parts of the stdlib should be checked, too.
The option is intended for OS and application scripts that doesn't want to become affected by user installed files or files in the current working path of a user.
The idea is motivated by a couple of bug reports, for example:
https://bugs.launchpad.net/bugs/938869 lsb_release crashed with SIGABRT in Py_FatalError()
http://bugs.python.org/issue16202 sys.path[0] security issues
http://bugs.python.org/issue16248 Security bug in tkinter allows for untrusted, arbitrary code execution.
Sounds like a good idea. I'd be interested in this, because it would make debugging user installation problems easier. The only thing I'm not sure about is the option character "-I". It reminds me too much of the -I typically used for include paths in C compilers :-) BTW: In order to have Python applications respect this flag, there should be an easy way to access this flag in Python programs, e.g. sys.ignore_user_env. -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Nov 09 2012)
Python Projects, Consulting and Support ... http://www.egenix.com/ mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
::: Try our new mxODBC.Connect Python Database Interface for free ! :::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/