[Python-Dev] PEP: per user site-packages directory
Christian Heimes
lists at cheimes.de
Mon Jan 21 13:09:51 CET 2008
Jan Claeys wrote:
> There should be a way for distro developers to make sure the user's local
> 'site-packages' is *not* used when running those tools.
>
> I'd rather have to set/uncomment an environment variable on my system
> than having 100 "normal" users break their systems accidentally... ;-)

"#!/usr/bin/env python -E -s" doesn't work on most Unices. [1] I came up
with two possible solutions. Both depend on a new 'paranoid' flag -P
which disables several features like PYTHON* env vars, inspect
interactively, user site directory and the '' in sys.path.

* Create a new, minimal Python executable which sets Py_ParanoidFlag to
  a true value and calls Py_Main(). The new executable is to be named
  pythons2.x (python secure).

* Add a new source flag "# -*- py-paranoid -*-" which must be in the
  second or third line of a script. Modules/main.c:Py_Main() checks for
  the flag around line 430.

A rough Python version of the C code could look like:
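
    import os

    def find_paranoid(fname):
        # Only regular files can be scripts.
        if not os.path.isfile(fname):
            return False
        with open(fname) as f:
            data = f.read(4096)
        # The marker only counts in scripts that start with a shebang line.
        if not data.startswith("#!"):
            return False
        # Check the second and third lines for the marker.
        for i in (1, 2):
            # Skip past the newline so data starts at the next line.
            data = data[data.find('\n') + 1:]
            if data.startswith("# -*- py-paranoid -*-"):
                return True
        return False
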
Christian
[1] Cygwin discussion thread about #! env
http://www.cygwin.com/ml/cygwin/2002-02/msg00657.html/
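
The following is an added example, not part of the original message or of CPython's sources. It checks, on a current Python 3, which import sources stay active under the -E and -s options named above and under -I (CPython's isolated-mode option, which the message does not mention). The module names from_env and from_cwd are constructed for the demonstration.

```python
import os
import subprocess
import sys
import tempfile

# Child interpreter: report which of the two constructed modules it can import.
CHILD = """
import importlib
found = []
for name in ("from_env", "from_cwd"):
    try:
        importlib.import_module(name)
        found.append(name)
    except ImportError:
        pass
print(",".join(found))
"""


def importable(flags):
    """Run a child interpreter with `flags`; return the planted modules it can import."""
    with tempfile.TemporaryDirectory() as env_dir, tempfile.TemporaryDirectory() as cwd:
        # Constructed stand-ins for modules a user left lying around:
        # one reachable through PYTHONPATH, one through the '' entry (current dir).
        open(os.path.join(env_dir, "from_env.py"), "w").close()
        open(os.path.join(cwd, "from_cwd.py"), "w").close()
        env = dict(os.environ, PYTHONPATH=env_dir)
        env.pop("PYTHONSAFEPATH", None)  # keep the unhardened baseline honest on 3.11+
        result = subprocess.run(
            [sys.executable, *flags, "-c", CHILD],
            cwd=cwd, env=env, capture_output=True, text=True, check=True,
        )
    return [name for name in result.stdout.strip().split(",") if name]


if __name__ == "__main__":
    for flags in ([], ["-E", "-s"], ["-I"]):
        print(flags or "(no flags)", "->", importable(flags))
```

With -E -s the PYTHONPATH entry is ignored but the current directory is still searched; only -I removes both.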