[New-bugs-announce] [issue33019] Review usage of environment variables in the stdlib
Antoine Pitrou
report at bugs.python.org
Wed Mar 7 14:07:32 EST 2018
New submission from Antoine Pitrou <pitrou at free.fr>:
Python supports a mode where the interpreter ignores environment variables such as PYTHONPATH, etc.
However, there are places in the stdlib where environment-sensitive decisions are made, without regard for the ignore-environment flag.
Examples include:
- ssl.get_default_verify_paths() queries SSL_CERT_FILE and SSL_CERT_DIR
- shutil.which() queries PATH
- the tempfile module queries TMPDIR, TEMP, TMP to select the defaut directory for temporary files
Do you think those need to be sanitized?
----------
components: Library (Lib)
messages: 313393
nosy: alex, christian.heimes, pitrou
priority: normal
severity: normal
status: open
title: Review usage of environment variables in the stdlib
type: security
versions: Python 3.6, Python 3.7, Python 3.8
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue33019>
_______________________________________
More information about the New-bugs-announce
mailing list