[Python-Dev] Adding a new C API function in 2.6

Antoine Pitrou solipsis at pitrou.net
Thu May 20 21:32:53 CEST 2010


Hello,

I would like to check that it's possible to add a new C API function in the
2.6 branch, on the basis that it would help solve what seems to be
reported as a security problem by several vendors (including Linux
distributions) -- see http://bugs.python.org/issue5753 for a thorough
discussion.

The change is rather minimal at the code level; it adds a new function
PySys_SetArgvEx which has an additional flag telling it whether to
update sys.path or not. The existing PySys_SetArgv function
unconditionally updates sys.path, which can allow shadowing of stdlib
or third-party library modules by an attacker.

Thank you

Antoine.
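
The difference between the two calls described in the message above, as an added example that is not part of the original post or of CPython's code: a simplified Python model of the `sys.path` update (symlink resolution omitted), with constructed directory and module names (`site-lib`, `workdir`, `helper_mod_demo`, `job.py`).

```python
import importlib.machinery
import os
import tempfile

MODULE = "helper_mod_demo"  # constructed module name, not a real library


def prepended_entry(argv):
    """Simplified model of the entry PySys_SetArgv inserts at sys.path[0]."""
    if argv and os.path.isfile(argv[0]):
        return os.path.dirname(os.path.abspath(argv[0]))
    return ""  # '' makes the import system search the current directory


def effective_path(base_path, argv, updatepath):
    """Model of sys.path after PySys_SetArgvEx(argc, argv, updatepath)."""
    if updatepath:
        return [prepended_entry(argv)] + list(base_path)
    return list(base_path)


def resolve(name, search_path):
    """Directory name from which an import of `name` would be loaded."""
    spec = importlib.machinery.PathFinder.find_spec(name, search_path)
    if spec is None:
        return None
    return os.path.basename(os.path.dirname(spec.origin))


def demo():
    with tempfile.TemporaryDirectory() as root:
        trusted = os.path.join(root, "site-lib")  # stands in for the library dir
        workdir = os.path.join(root, "workdir")   # stands in for a writable dir
        for d in (trusted, workdir):
            os.makedirs(d)
            with open(os.path.join(d, MODULE + ".py"), "w") as f:
                f.write("ORIGIN = %r\n" % os.path.basename(d))
        script = os.path.join(workdir, "job.py")
        open(script, "w").close()
        argv = [script]
        return {
            "updatepath=1": resolve(MODULE, effective_path([trusted], argv, 1)),
            "updatepath=0": resolve(MODULE, effective_path([trusted], argv, 0)),
        }


if __name__ == "__main__":
    print(demo())
```

With the flag set, the same-named file in the script's directory wins the lookup; with the flag cleared, the import resolves from the library directory only.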



