[Python-Dev] Security implications of pep 383

Nick Coghlan ncoghlan at gmail.com
Wed Mar 30 12:42:22 CEST 2011


On Wed, Mar 30, 2011 at 4:57 PM, Gregory P. Smith <greg at krypto.org> wrote:
> I don't see your comment on the blog post.  So either the author is
> moderating comments and hasn't seen yours yet (likely) or they don't want
> disagreement in their comments. ;)

My comment was sitting in the moderation queue last time I looked as well.

While Toshio is correct that there is no one correct "filesystem
encoding" on Linux systems, Python still does its best to guess one
(even though it may be wrong for some of the mounted filesystems).
That's what it will use when encoding Unicode strings to pass to
bytes-oriented POSIX APIs, so you can always "pre-check" values by
using os.fsencode to get everything into the bytes format that will
actually be passed to the underlying OS API.

Python 3.2 provides the tools to do this kind of thing correctly, but
it is finicky enough that there isn't really any way for us to make it
easy.

Cheers,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
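
The pre-check described in the message above, as an added example that is not part of the original post or of CPython: each name is converted with os.fsencode and validated as bytes, the form the OS API receives. The helper names, the blocked-name set and the sample inputs are constructed for illustration, and a POSIX system is assumed.

```python
import os

# Constructed sample: names the application must refuse, kept as bytes
# because bytes are what the POSIX API finally receives.
BLOCKED = {b"caf\xc3\xa9.conf"}


def os_bytes(name):
    """Return the bytes os.fsencode would pass to the OS, or None when the
    str cannot be encoded with the filesystem encoding at all."""
    try:
        return os.fsencode(name)
    except UnicodeEncodeError:
        return None


def check_name(name):
    """Classify one path component as 'ok', 'blocked' or 'invalid'.

    Every comparison is made on the encoded bytes, so two different str
    values that encode to the same bytes get the same verdict.
    """
    raw = os_bytes(name)
    if raw is None or raw in (b"", b".", b".."):
        return "invalid"
    if b"/" in raw or b"\0" in raw:
        return "invalid"
    if raw in BLOCKED:
        return "blocked"
    return "ok"


# Constructed input: a str carrying PEP 383 surrogate escapes for the bytes
# C3 A9. It is not equal to "café.conf" as a str, yet it encodes to the
# same bytes as the blocked name.
ESCAPED = b"caf\xc3\xa9.conf".decode("ascii", "surrogateescape")

if __name__ == "__main__":
    # "report\udcff.txt" is a name holding the undecodable byte FF.
    for sample in (ESCAPED, "report\udcff.txt", "a/b", ".."):
        print(ascii(sample), "->", check_name(sample))
```
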

