[Python-Dev] Extending startup code: PEP needed?

Martin von Loewis loewis@informatik.hu-berlin.de
Mon, 8 Jan 2001 18:51:28 +0100 (MET)

> Just curious: wouldn't this introduce a /tmp-style problem to
> Python ?

I tried, but I could not produce such a problem.

> The scenario is quite simple: a Python script runs under root.
> The script could pick up a lingering .pth file (e.g. from /tmp
> or one of its subdirs -- distutils does this !) and then executes
> arbitrary code as *root*.

No, Python looks only in a few places for pth file: 

so it won't pick up pth files in /tmp.