[Python-Dev] Extending startup code: PEP needed?

M.-A. Lemburg mal@lemburg.com
Mon, 08 Jan 2001 19:40:37 +0100

Guido van Rossum wrote:
> Discussions based on Python running as root and picking up untrusted
> code from $PYTHONPATH are pointless.  Of course this is a security
> hole.  If root runs *any* Python script in a way that could pick up
> even a single untrusted module, there's a security hole.  site.py or
> *.pth files are just a special case of this, so I don't see why this
> is used as an example.

Agreed; see my reply to Martin.

Still, wouldn't it be wise to add some logic to Python to prevent
importing untrusted modules, e.g. by making sys.path read-only and
disabling the import hook usage using a command line ? 

This would at least prevent the most obvious attacks. I wonder how
RedHat works around these problems.

Marc-Andre Lemburg
Company:                                        http://www.egenix.com/
Consulting:                                    http://www.lemburg.com/
Python Pages:                           http://www.lemburg.com/python/