[Python-checkins] gh-57684: Document safe path in What's New in Python 3.11 (#92362)

vstinner webhook-mailer at python.org
Thu May 5 22:53:16 EDT 2022


https://github.com/python/cpython/commit/5f29268283aba12d4f2c83cab4966286e0ac5128
commit: 5f29268283aba12d4f2c83cab4966286e0ac5128
branch: main
author: Victor Stinner <vstinner at python.org>
committer: vstinner <vstinner at python.org>
date: 2022-05-06T04:53:00+02:00
summary:

gh-57684: Document safe path in What's New in Python 3.11 (#92362)

Mention also -P and PYTHONSAFEPATH in the Security Considerations
page.

files:
M Doc/library/security_warnings.rst
M Doc/whatsnew/3.11.rst

diff --git a/Doc/library/security_warnings.rst b/Doc/library/security_warnings.rst
index 26b015c0f8fc7..f985dc4acd11c 100644
--- a/Doc/library/security_warnings.rst
+++ b/Doc/library/security_warnings.rst
@@ -32,3 +32,9 @@ The following modules have specific security considerations:
 * :mod:`xml`: :ref:`XML vulnerabilities <xml-vulnerabilities>`
 * :mod:`zipfile`: :ref:`maliciously prepared .zip files can cause disk volume
   exhaustion <zipfile-resources-limitations>`
+
+The :option:`-I` command line option can be used to run Python in isolated
+mode. When it cannot be used, the :option:`-P` option or the
+:envvar:`PYTHONSAFEPATH` environment variable can be used to not prepend a
+potentially unsafe path to :data:`sys.path` such as the current directory, the
+script's directory or an empty string.
diff --git a/Doc/whatsnew/3.11.rst b/Doc/whatsnew/3.11.rst
index efcfa17600879..c84b36f8d6c40 100644
--- a/Doc/whatsnew/3.11.rst
+++ b/Doc/whatsnew/3.11.rst
@@ -79,6 +79,12 @@ New typing features:
 * :pep:`673`: ``Self`` type.
 * :pep:`675`: Arbitrary literal string type.
 
+Security improvements:
+
+* New :option:`-P` command line option and :envvar:`PYTHONSAFEPATH` environment
+  variable to not prepend a potentially unsafe path to :data:`sys.path` such as
+  the current directory, the script's directory or an empty string.
+
 
 New Features
 ============
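Review bot: The new "Security improvements" entry carries no attribution line, while the commit is tagged gh-57684 and authored by Victor Stinner; What's New entries conventionally end with "(Contributed by Victor Stinner in :gh:`57684`.)" so readers can find the issue. It would also help to cross-reference the Security Considerations page that the same commit updates, since that is where the -I / -P / PYTHONSAFEPATH guidance now lives, and the wording "to not prepend" could be tightened to "that prevent a potentially unsafe path from being prepended to :data:`sys.path`".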
