[New-bugs-announce] [issue16499] CLI option for isolated mode
Christian Heimes
report at bugs.python.org
Sun Nov 18 15:26:11 CET 2012
New submission from Christian Heimes:
I like to propose a new option for the Python interpreter:
python -I
It shall start the interpreter in isolated mode which ignores any
environment variables set by the user and any files installed by the
user. The mode segregate a Python program from anything an unpriviliged
user is able to modify and uses only files that are installed by a
system adminstrator.
The isolated mode implies -E (ignore all PYTHON* environment vars) and
-s (don't add user site directory). It also refrains from the inclusion
of '' or getcwd() to sys.path. TKinter doesn't load and execute Python
scripts from the user's home directory. Other parts of the stdlib should
be checked, too.
The option is intended for OS and application scripts that doesn't want
to become affected by user installed files or files in the current
working path of a user.
The idea is motivated by a couple of bug reports, for example:
https://bugs.launchpad.net/bugs/938869 lsb_release crashed with SIGABRT
in Py_FatalError()
http://bugs.python.org/issue16202 sys.path[0] security issues
http://bugs.python.org/issue16248 Security bug in tkinter allows for
untrusted, arbitrary code execution.
---
The idea has been discussed at http://mail.python.org/pipermail/python-ideas/2012-November/017766.html.
----------
assignee: christian.heimes
messages: 175874
nosy: barry, christian.heimes, lemburg
priority: normal
severity: normal
stage: patch review
status: open
title: CLI option for isolated mode
type: security
versions: Python 3.4
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue16499>
_______________________________________
More information about the New-bugs-announce
mailing list