Message 100290 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	michael.foord
Recipients	carlfk, dsmiller, ezio.melotti, flox, jaraco, loewis, mel, mhammond, michael.foord, nnorwitz, norvellspearman, r.david.murray, tim.peters
Date	2010-03-02.12:39:18
SpamBayes Score	0.0002466772
Marked as misclassified	No
Message-id	<1267533561.19.0.653964557093.issue1284316@psf.upfronthosting.co.za>
In-reply-to

Content
This is similar to an issue I reported to the security team (same underlying issue). My concern was that with an admin installed version of Python an arbitrary user can modify site.py, or create sitecustomize.py, and cause arbitrary code execution when the admin runs Python. IMO an admin installed Python should require admin priveleges to write to the Python install directory. I think many users would find installing to "Program Files" a pain and it would break many scripts.

This is similar to an issue I reported to the security team (same underlying issue). My concern was that with an admin installed version of Python an arbitrary user can modify site.py, or create sitecustomize.py, and cause arbitrary code execution when the admin runs Python.

IMO an admin installed Python should require admin priveleges to write to the Python install directory. I think many users would find installing to "Program Files" a pain and it would break many scripts.

History
Date	User	Action	Args
2010-03-02 12:39:21	michael.foord	set	recipients: + michael.foord, tim.peters, loewis, mhammond, nnorwitz, jaraco, mel, dsmiller, norvellspearman, carlfk, ezio.melotti, r.david.murray, flox
2010-03-02 12:39:21	michael.foord	set	messageid: <1267533561.19.0.653964557093.issue1284316@psf.upfronthosting.co.za>
2010-03-02 12:39:19	michael.foord	link	issue1284316 messages
2010-03-02 12:39:18	michael.foord	create