Friday Filosofical Finking: Import protections

Cameron Simpson cs at cskk.id.au
Wed Apr 17 21:24:27 EDT 2019


On 17Apr2019 21:45, MRAB <python at mrabarnett.plus.com> wrote:
>On 2019-04-17 21:20, DL Neil wrote:
>>Do you bother with exception handling for import statements?
[...]
>Catch only what you (well, the script) can fix.
>
>If it needs numpy, but can't import numpy, then what can it do? Might 
>as well just let it fail.

I'm of this mind too, but...

>I suppose an alternative might be to try to download and install numpy 
>and then retry, but what if it can't be downloaded, or the installation 
>fails?

As an example of what an open-ended can of worms attempted recovery might 
be, yeah. How hard do you try? But also, "installation fails": that 
isn't always a clean situation: it can litter the install area with 
partial junk.

But this is also a bad example: it is something an _invoked_ programme 
should never try to do. Except by specific deliberate design and 
request, a running application shouldn't presume it has rights to 
install additional things, or even to try. I have personally (though 
metaphorically) clipped devs across the ear for doing themselves the 
moral equivalent of the above: try thing, then just "sudo try thing" 
when it was forbidden.

Particularly in managed environments, the setup is often deliberately 
designed to not permit this. Consider the app behind a web service: 
those which are able to install code are in theory open to being 
manipulated from the outside to install and run code - malicious code.
For this reason such environments are deliberately designed so that an 
app has the barest minimum privileges to perform its task.

So: the app _can't_ write to its code area or to the htdocs tree (in 
whatever form that may be) - that way lies site defacement and 
application subversion. It can't create tables in the database or modify 
schemas. It can't modify data it should not touch, or read data it 
should never see (think reading credential tables or modifying role 
definitions as some examples).

Installing additional packages is the same as self modifying code: as a 
rule, the admins install packages, not the app.

Sorry, ranting now over.

Cheers,
Cameron Simpson <cs at cskk.id.au>
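
An added example, not part of the original post: a startup check in the spirit of the message above, which reports missing imports for an admin to fix (it never installs anything) and lists any import-path directories the running process could write to. The function names `require` and `writable_code_dirs` are hypothetical.

```python
import importlib
import os
import sys


def require(*names):
    """Import each named module; report every missing one, never install."""
    missing = []
    for name in names:
        try:
            importlib.import_module(name)
        except ImportError as exc:
            missing.append(f"{name}: {exc}")
    if missing:
        # Stop with a message an admin can act on; installing is their job.
        raise SystemExit(
            "missing dependencies (ask an admin to install):\n  "
            + "\n  ".join(missing)
        )


def writable_code_dirs(paths=None):
    """Return the import-path directories this process can write to.

    A non-empty result means the app is able to modify its own code area.
    os.access() tests the real uid/gid, so run this as the service account.
    """
    found = []
    for entry in (sys.path if paths is None else paths):
        # An empty sys.path entry means the current working directory.
        directory = os.path.abspath(entry or os.getcwd())
        if directory in found or not os.path.isdir(directory):
            continue  # duplicates, zip archives and stale entries are skipped
        if os.access(directory, os.W_OK):
            found.append(directory)
    return found


if __name__ == "__main__":
    require("json")  # constructed example: a module that is always present
    for d in writable_code_dirs():
        print("WARNING: code directory is writable by this process:", d,
              file=sys.stderr)
```
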

