[Python-Dev] PEP 493: Redistributor guidance for Python 2.7 HTTPS
ncoghlan at gmail.com
Mon Jul 6 15:22:09 CEST 2015
On 6 Jul 2015 20:23, "Antoine Pitrou" <solipsis at pitrou.net> wrote:
> On Mon, 6 Jul 2015 14:22:46 +1000
> Nick Coghlan <ncoghlan at gmail.com> wrote:
> > The main change from the last version discussed on python-ideas
> Was it discussed there? That list has become totally useless, I've
> stopped following it.
> > * modify the ``ssl`` module to read the ``PYTHONHTTPSVERIFY``
> > variable when the module is first imported into a Python process
> Have you passed that by RedHat's security experts?
Yeah, they were the ones that finally persuaded me that this design was
reasonable. If I understood their explanation correctly, the gist is that
if you're running with elevated permissions while allowing arbitrary
processes to set environment variables, you've already opened up so many
attack vectors that the only reasonable defence is "don't do that", and
hence higher level design decisions like sudo running in root's
environment, not the individual user's. Since having the selective
downgrade option available makes it easier to justify the default security
*up*grade, it works out as a net win.
However, I did just realise there's a bug in the current definition of that
feature - it should respect the "ignore environment" flag, but it's
currently specified as being unconditional.
> Python-Dev mailing list
> Python-Dev at python.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-Dev