[issue34841] Script’s directory not in sys.path with embeddable Windows distribution
Steve Dower
report at bugs.python.org
Tue Feb 4 19:26:05 EST 2020
Steve Dower <steve.dower at python.org> added the comment:
The install page (https://docs.python.org/3/using/windows.html - linked from the download page) covers non-interactive installs, as well as describing the embeddable distro in detail (https://docs.python.org/3/using/windows.html#windows-embeddable). It sounds like you may be in the right category, but you may also prefer the nuget.org package (https://docs.python.org/3/using/windows.html#windows-nuget), which is intended for arbitrary execution on CI systems rather than constrained execution within another application.
The security concerns are an attacker gaining access to a new machine that they know very little about and searching for a "python.exe" they can use to run their tools. Sure, they can modify their initial script to modify sys.path before trying to import anything, but that's not always possible, so we cut off a number of easy-moderate attacks (and many trivial attacks) by not allowing unanticipated script bundles to be executed.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue34841>
_______________________________________
More information about the Python-bugs-list
mailing list