[Python-Dev] PEP 553 V2 - builtin breakpoint() (was Re: PEP 553: Built-in debug())
Nick Coghlan
ncoghlan at gmail.com
Fri Sep 8 10:53:40 EDT 2017
On 7 September 2017 at 20:02, Adrian Petrescu <apetresc at gmail.com> wrote:
> Would that not be a security concern, if you can get Python to execute
> arbitrary code just by setting an environment variable?
Not really, as once someone has write access to your process
environment, you've already lost (they can mess with PYTHONIOENCODING,
PYTHONPATH, LD_PRELOAD, OpenSSL certificate verification settings, and
more).
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Python-Dev
mailing list