PEP 304, and alternative

Skip Montanaro skip at pobox.com
Tue Jul 22 09:00:17 EDT 2003 

    Andrew> haven't seen much discussion on PEP 304 recently, what's its
    Andrew> current status?

Same as before.

    Andrew> It's so broad-brush; PYTHONBYTECODEBASE can only really be set
    Andrew> per-user, and is likely to cause the same problems PYTHONPATH
    Andrew> did (before site-packages and .pth files made all that easier).

Why is this a problem?  It gives the user control over where .pyc files will
be written.  My initial intent was that if users set it at all, it would be
set something like

    PYTHONBYTECODEBASE=$HOME/tmp/python

or

    PYTHONBYTECODEBASE=/tmp/skip/python

    Andrew> The problems with user rights also look really horrid. Say
    Andrew> bytecodebase is /tmp/python/. All users must have write access
    Andrew> to /tmp/python/home, so they can store PYCs for PYs in their
    Andrew> home directory; however if user A hasn't yet run a PY from his
    Andrew> home directory, user B can create /tmp/python/home/A and put a
    Andrew> booby-trapped PYC in, that could be run when user A executes a
    Andrew> script of the same name from /home/A.

This is (minimally) addressed in the Issues section:

    What if PYTHONBYTECODEBASE refers to a general directory (say, /tmp)?
    In this case, perhaps loading of a preexisting bytecode file should
    occur only if the file is owned by the current user or root.

By "general directory" I mean writable by more than just root.

    Andrew> I'd instead like to do it by having a writable mapping in sys
    Andrew> somewhere which can hold a number of directory remappings. This
    Andrew> could then be written to on a site-level basis by
    Andrew> sitecustomize.py and/or a user or module-level basis by user
    Andrew> code. eg.

    Andrew>   sys.bytecodebases= {
    Andrew>     '/home/and/pylib/': '/home/and/pybin/',
    Andrew>     '/www/htdocs/cgi-bin/': '/www/cgi-cache/'
    Andrew>   }

    Andrew> and so on.

How is this better?  How does it address the security problem you raised
above?

    Andrew> Also it avoids the problem of what to do on multi-root
    Andrew> filesystems like that of Windows, as only string matching is
    Andrew> required.

Windows' multi-root filesystem is a known problem.  I've not yet been able
to solve it, though I must admit I haven't worked on it in awhile either.

Skip

More information about the Python-list mailing list