[Python-Dev] Extending startup code: PEP needed?
Martin von Loewis
Mon, 8 Jan 2001 18:51:28 +0100 (MET)
> Just curious: wouldn't this introduce a /tmp-style problem to
> Python ?
I tried, but I could not produce such a problem.
> The scenario is quite simple: a Python script runs under root.
> The script could pick up a lingering .pth file (e.g. from /tmp
> or one of its subdirs -- distutils does this !) and then executes
> arbitrary code as *root*.
No, Python looks only in a few places for pth file:
so it won't pick up pth files in /tmp.