[Python-Dev] Python 2.7.7. on Windows

Mike Miller python-dev at mgmiller.net
Mon Apr 28 22:07:57 CEST 2014


On 04/29/2014 05:12 AM, Steve Dower wrote:
> This would be an incredibly painful change that would surprise and hurt a lot of
> people.

Hi, I think "incredibly painful" is overstating the case a bit. ;)  We're 
talking about an installer default, a setting that would still be changeable as 
it always has been, that by definition will only affect brand new installs.

> Yes, it is possible for a non-admin user to install arbitrary packages into a
> place where an admin user may inadvertently run it, thereby providing escalation
> of privilege. On the other hand, that applies to a lot of development tools,
> especially since most users on Windows these days are actually limited
> administrators - ANYTHING they install could run when they elevate a certain
> process.

None of Microsoft's Dev tools install to C:\, rather to ProgramFiles.  The fact 
that another security issue may exist is not a good justification for creating 
additional ones.

> On the other hand, Python from python.org is a tool that should only be
> installed by those who are prepared to manage it. On Windows it is easy enough
> to have a second, secured copy for your admin scripts and an unsecured copy for
> non-admin tasks.

This sounds like the perspective of someone highly technical, forgetting that 
new users will be installing Python as well and vastly outnumber us.  "Normal 
people" need help to avoid security issues.

Microsoft's guidelines on where to install software are clear, and don't make 
exceptions that "tools" should be installed to the root of the drive to bypass 
file system permissions, for convenience.

> I'm not sure what change you are proposing here... doesn't the installer already
> have an option to add to PATH? I'm sure I keep disabling it.

No, it does not.  Unless it got slipped in when I wasn't looking.

It should be an option though, I think everyone would agree.

> "python.exe" on my PATH because I have 10+ versions installed at any one time. I

Remember, python-devs are not the target users of this package, and are a 
rather minuscule fraction of the user base.

> Python installation. At this point, 2.7.6->2.7.7 should be an incredibly safe
> upgrade, and there's no way to safely change the default installation location

This would continue to be the case, as the installer will recognize the 
previously installed Python 2.7 and use its setting.  This should affect only 
*brand new installs.*

> or the ACLs on the install directory.

No ACLs would be affected or changed or even thought about.  Simply installing 
to the correct folder (on new installs) will accomplish the goal.

In short, this design of restricted permissions (read-only) for binaries and 
PATH conveniences goes back decades under Unix and other OSes.  MS Windows has 
finally caught up in the security department in the last few releases.  Please 
don't keep us back in the "bad old days" of DOS where everything was installed 
to the root folder.

-- 
-Mike
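
The permissions point argued in this thread, as an added example that is not part of the original message or of the Python installer: a Python audit helper that parses `icacls <folder>` output and reports allow ACEs that let broad, non-admin principals write to an install folder or its contents. The two listings are constructed samples, and the function name, principal list and DENY handling are assumptions of this example.

```python
import re

# Principals that include ordinary, non-administrator accounts (assumed list).
BROAD = {"everyone", "builtin\\users", "nt authority\\authenticated users",
         "nt authority\\interactive"}
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
# icacls rights that allow adding or replacing files: full, modify, write,
# write data/add file, append data/add subdirectory, generic write/all.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "GW", "GA"}

def risky_aces(path, icacls_output):
    """Return (principal, rights, inherit_only) for each allow ACE that lets a
    broad principal write to `path` or to the files and folders beneath it."""
    findings = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.startswith(path):            # first line is "<path> <first ACE>"
            line = line[len(path):].strip()
        principal, sep, rest = line.partition(":(")
        if not sep:                          # blank line or summary line
            continue
        groups = re.findall(r"\(([^)]*)\)", "(" + rest)
        if "DENY" in groups or principal.lower() not in BROAD:
            continue                         # deny ACEs and narrow principals
        rights = {r.strip() for g in groups if g not in INHERIT_FLAGS
                  for r in g.split(",")}
        if rights & WRITE_RIGHTS:
            findings.append((principal, sorted(rights), "IO" in groups))
    return findings

# Constructed sample: a folder under the drive root that inherited write access.
ROOT_STYLE = r"""C:\Python27 BUILTIN\Administrators:(I)(F)
            NT AUTHORITY\SYSTEM:(I)(F)
            BUILTIN\Users:(I)(OI)(CI)(RX)
            NT AUTHORITY\Authenticated Users:(I)(M)
            NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)

Successfully processed 1 files; Failed processing 0 files
"""

# Constructed sample: a folder where ordinary users only get read/execute.
PROGRAM_FILES_STYLE = r"""C:\Program Files\Python27 NT AUTHORITY\SYSTEM:(I)(F)
                          BUILTIN\Administrators:(I)(F)
                          BUILTIN\Users:(I)(RX)
                          BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
                          CREATOR OWNER:(I)(OI)(CI)(IO)(F)
"""

if __name__ == "__main__":
    for ace in risky_aces(r"C:\Python27", ROOT_STYLE):
        print("writable by non-admins:", ace)
```

An ACE reported with `inherit_only` set to `True` does not apply to the folder itself but to what is created inside it, which still covers replacing binaries and adding packages.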


