[Python-Dev] Extending startup code: PEP needed?
M.-A. Lemburg
mal@lemburg.com
Mon, 08 Jan 2001 19:40:37 +0100
Guido van Rossum wrote:
>
> Discussions based on Python running as root and picking up untrusted
> code from $PYTHONPATH are pointless. Of course this is a security
> hole. If root runs *any* Python script in a way that could pick up
> even a single untrusted module, there's a security hole. site.py or
> *.pth files are just a special case of this, so I don't see why this
> is used as an example.
Agreed; see my reply to Martin.
Still, wouldn't it be wise to add some logic to Python to prevent
importing untrusted modules, e.g. by making sys.path read-only and
disabling the import hook usage using a command line ?
This would at least prevent the most obvious attacks. I wonder how
RedHat works around these problems.
--
Marc-Andre Lemburg
______________________________________________________________________
Company: http://www.egenix.com/
Consulting: http://www.lemburg.com/
Python Pages: http://www.lemburg.com/python/