[Python-ideas] from __pip__ import
Paul Moore
p.f.moore at gmail.com
Tue Sep 20 08:29:42 EDT 2016
On 20 September 2016 at 12:12, אלעזר <elazarg at gmail.com> wrote:
> Moreover, being able to do it programmatically is a security risk, since it
> requires elevated privileges that I don't know how to drop, and most people
> will not think about doing, but a library implementation will.
>
> So if someone uses subprocess.run(), and the system asks the user for
> elevated privileges, a bug in later code can easily cause serious harm
> instead of failing. Yes, untrusted code should be sandboxed - but it isn't,
> more often than not.
It's not possible to gain elevated privileges without asking the user
(certainly not on Windows, and I don't believe so on Unix). So what
you're talking about is getting people used to the idea that running a
script they grabbed off the internet would ask them to run it
elevated, and they should agree. That sounds to me like a very
dangerous lesson to be teaching.
(rwt gets round this by installing dependencies to a temporary
location for the duration of the script. I *really* recommend that you
look into it if you haven't already).
Paul