[New-bugs-announce] [issue23947] Add mechanism to import stdlib package bypassing user packages

Steve Dower report at bugs.python.org
Tue Apr 14 16:45:19 CEST 2015

New submission from Steve Dower:

There are some situations where the stdlib imports modules that could be absent, notably "import readline" in site.py. This import is expected to fail in some situations, but because sys.path is fully configured it can be importing arbitrary code.

To limit these imports to only installed packages, we could add a fake _stdlib module with __path__ set to a restricted set (approximately/exactly(?) what -I uses) and an importlib helper to import it and alias it in sys.modules.

Open question about what to do when a user has already imported their own module and it isn't the stdlib one. We discussed displaying a warning in this case.

If the import helper is private we should be able to backport to 2.7/3.4 easily enough.

components: Library (Lib)
messages: 240896
nosy: brett.cannon, christian.heimes, eric.snow, ncoghlan, steve.dower
priority: normal
severity: normal
status: open
title: Add mechanism to import stdlib package bypassing user packages
versions: Python 2.7, Python 3.4, Python 3.5

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list