[Python-Dev] Extending startup code: PEP needed?

[Martin von Loewis]

> Just curious: wouldn't this introduce a /tmp-style problem to
> Python ?

I tried, but I could not produce such a problem.

> The scenario is quite simple: a Python script runs under root.
> The script could pick up a lingering .pth file (e.g. from /tmp
> or one of its subdirs -- distutils does this !) and then executes
> arbitrary code as *root*.

No, Python looks only in a few places for pth file: 
{<prefix>,<exec_prefix>}{,/lib/python<version>/site-packages,/lib/site-python}

so it won't pick up pth files in /tmp.

Regards,
Martin