[Python-ideas] from __pip__ import

אלעזר elazarg at gmail.com
Tue Sep 20 07:12:29 EDT 2016 

Moreover, being able to do it programmatically is a security risk, since it
requires elevated privileges that I don't know how to drop, and most people
will not think about doing, but a library implementation will.

So if someone uses subprocess.run(), and the system asks the user for
elevated privileges, a bug in later code can easily cause serious harm
instead of failing. Yes, untrusted code should be sandboxed - but it isn't,
more often than not.

Elazar

‪On Tue, Sep 20, 2016 at 2:02 PM ‫אלעזר‬‎ <elazarg at gmail.com> wrote:‬

> I think I generally understand concerns, and partially agree. I'm
> certainly not dismissing them. I only try to understand what are the
> precise problems and why the current situation - with dangerous functions
> at reach, easily buried deep in the code instead of marked on the top of
> the script - is so much better.
>
> Elazar
>
> On Tue, Sep 20, 2016 at 1:56 PM Paul Moore <p.f.moore at gmail.com> wrote:
>
>> On 20 September 2016 at 11:46, אלעזר <elazarg at gmail.com> wrote:
>> > So it should be something like
>> >
>> > from unsafe.__pip__ import benchmark
>> >
>> > Where unsafe is the hypothetical namespace in which exec(), eval() and
>> > subprocess.run() would have reside given your concerns.
>>
>> In my opinion, it should be
>>
>> # Please install benchmark using pip to run this script
>>
>> Or you should run the script using a dedicated runner like rwt. Or you
>> can depend on a custom import hook that makes "from __pip__
>> install..." work as you want. I'm just saying that I don't want core
>> Python to implicitly install packages for me. But that's simply a
>> personal opinion. I'm not trying to persuade you you're wrong, just
>> trying to explain my position. We can agree to differ. It certainly
>> doesn't seem to me that there's any need for you to modify your
>> proposal to suit me, it's unlikely I'll like any variation you're
>> going to be happy with, which is fine (you're under no obligation to
>> convince me).
>>
>> Paul
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ideas/attachments/20160920/a484b6b8/attachment.html>

More information about the Python-ideas mailing list