[Python-Dev] PEP 476: Enabling certificate validation by default!
Nick Coghlan
ncoghlan at gmail.com
Mon Sep 1 08:44:43 CEST 2014
On 1 September 2014 16:07, Paul Moore <p.f.moore at gmail.com> wrote:
> On 31 August 2014 23:10, Nick Coghlan <ncoghlan at gmail.com> wrote:
>> Assuming sslcustomize was in site-packages rather than the standard library
>> directories, you would also be able to use virtual environments with an
>> appropriate sslcustomize module to disable cert checking even if the
>> application you were running didn't support direct configuration.
>
> Would this mean that a malicious package could install a custom
> sslcustomize.py and so add unwanted certs to the system? I guess we
> have to assume that installed packages are trusted, but I just wanted
> to be explicit.
Yes, it would have exactly the same security failure modes as
sitecustomize, except it would only fire if the application imported
the ssl module.
The "-S" and "-I" switches would need to disable the implied
"sslcustomize", just as they disable "import site".
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Python-Dev
mailing list