[Python-Dev] Extending startup code: PEP needed?

M.-A. Lemburg mal@lemburg.com
Mon, 08 Jan 2001 16:26:21 +0100

"Martin v. Loewis" wrote:
> Authors of extension packages often find the need to auto-import some
> of their modules. This is often needed for registration, e.g. a codec
> author (like Tamito KAJIYAMA, who wrote the JapaneseCodecs package)
> may need to register a search function with codecs.register. This is
> currently only possible by writing into sitecustomize.py, which must
> be done by the system administrator manually.
> To enhance the service of site.py, I've written the patch
> http://sourceforge.net/patch/?func=detailpatch&patch_id=103134&group_id=5470
> which treats lines in PTH files which start with "import" as
> statements and executes them, instead of appending these lines to
> sys.path.
> The patch is relatively small, but since it is an extension: Do I need
> to write a PEP for it?

Just curious: wouldn't this introduce a /tmp-style problem to
Python ?

The scenario is quite simple: a Python script runs under root.
The script could pick up a lingering .pth file (e.g. from /tmp
or one of its subdirs -- distutils does this !) and then executes
arbitrary code as *root*.

Marc-Andre Lemburg
Company:                                        http://www.egenix.com/
Consulting:                                    http://www.lemburg.com/
Python Pages:                           http://www.lemburg.com/python/