[Python-Dev] disable writing .py[co]
Michael Hudson
mwh@python.net
21 Jan 2003 13:54:07 +0000
Skip Montanaro <skip@pobox.com> writes:
> Michael> The idea of writing .pycs to a world writable area (say /tmp)
> Michael> on a multi-user system sounds like a Bad Thing.
>
> As I mentioned in my original note, you'd prepend PYCROOT to the .py file
> and append 'c' to create a filename for the .pyc file. If socket.py was
> found in /usr/lib/python2.3/socket.py and PYCROOT was set to /tmp, you'd try
> to read from/write to /tmp/usr/lib/python2.3/socket.pyc. The only
> requirement on PYCROOT would be that /tmp would have to exist. The user
> wouldn't be responsible for creating the full directory tree underneath
> /tmp.
Nooo, it was the security implications that bothered me.
I'm still somewhat confused by the need for this change beyond coping
with dubious installations that shouldn't be our problem.
Cheers,
M.
--
surely, somewhere, somehow, in the history of computing, at least
one manual has been written that you could at least remotely
attempt to consider possibly glancing at. -- Adam Rixey