PythonLauncher considered harmful #49512
Comments
The Mac port of Python contains a binary named "PythonLauncher" which In hindsight adding this tool was not a good idea: this makes it way to In my experience most ".py" files are modules instead of standalone |
I disagree that this is a bad idea--it's helpful to be able to double- |
I also think it should be removed. Opening a file should run it only if it |
At the very least PythonLauncher should not be the default for opening When PythonLauncher is the default application for .py files double- There are several ways for running python scripts by double-clicking on
Both result in "files" where it is clear that opening them will result |
I propose to at least change the code in pythonlauncher to warn if it is the default association for python files, that is to reverse the test that it currently does. That way users can still set pythonlauncher as the launcher for specific files, but would get a warning when they make pythonlauncher the default action for python files. BTW. I still think that pythonlauncher is unsafe and should be removed. |
Kevin: what's your opinion on changing PythonLauncher to check if it is the default action for opening python files and warning about that? What about refusing to run when Python Launcher is the default action for python files? Users would still be able to run python files from the Finder by using the "Open with" menu, or by selecting Python Launcher through the Get Info dialog. This would seriously reduce the risks w.r.t. accidentally running python scripts. (Removing 2.7 because it is too late to change 2.7 behavior) |
Ronald, I'd vote for warning if it's the default action. Would your other proposed change require users to set PythonLauncher as the opening app for each Python file, or would there be a way to manually set it as the default from Finder or elsewhere? Kevin |
It would no longer be possible to set PythonLauncher as the default action for Python files, because doing that is a clear security risk. Ronald |
I'm thinking about closing this issue, but need to do some more research before doing so. In particular, I need to check the behavior of double clicking on python files on Windows and the main Linux desktops. IIRC double clicking a .py file on Windows will execute that file, it might be useful to stay consistent with that and not disallow making Python Launcher the default action. |
FWIW more than once I tried to open a .py file on Windows just to see a black box flashing by and promptly disappear. I agree that opening the file in an editor (e.g. IDLE) is a better option, but I realize some users might prefer to launch a script when they double-click on it (I always launch them by doing "python file.py"). |
The attached patch removes the code that checks if "Python Launcher" is the default application for opening python files. |
Does python on Mac still act the same way? When I tried to run a file from Finder today, all the open options I found either did nothing I could see or opened .py files in IDLE. |
If you double-click on a .py file in the Finder, the current user's default application for that file type (.py) is used to open it. Depending on how things were installed, that default app could be one of the IDLE apps (i.e. IDLE for 3.10, IDLE for 3.11, etc), one of the Python Launcher apps (again, one for each version that had been installed), or possibly some other app. Using the instructions here, you can either change the app associated with a specific .py file or change the default app for all of your .py files. Another, and safer, approach is to drag the icon for the .py file directly onto the icon for the app you want to open it, either by finding the app in a Finder window or the app icon on the Dock (if it is currently open or perhaps was opened). Dragging a .py file to a Python Launcher app icon should cause a Terminal.app window to open and execute the file in the REPL of the Python interpreter path shown in the Python Launcher Preferences window. If necessary, you can type in the window and change the path to a specific interpreter version, i.e. |
I still think that a much more important wart of Python Launcher is that it may result in accidentally running Python scripts downloaded from somewhere. The additional protections in recentish macOS versions somewhat mitigate the risk (by not giving access to the Downloads folder to applications unless the user explicitly gives permission). Adding a check for executable permissions would help a bit more, and matches the system behaviour for shell scripts in ".command" files. On the other hand, I appreciate that the launcher can be convenient for users.
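The executable-permission check suggested in the last comment, as an added example that is not part of the original thread or of Python Launcher's own code: a launch gate that refuses a `.py` file unless its owner execute bit is set, as the comment describes for `.command` files. The function name `launch_decision`, the constructed sample files and the extra world-writable check are assumptions made here.

```python
import os
import stat
import tempfile


def launch_decision(path):
    """Return (allowed, reason) for a double-click style launch request.

    A script is only run when its owner has explicitly marked it
    executable; a freshly downloaded file normally is not.
    """
    try:
        st = os.stat(path)
    except OSError as exc:
        return False, f"cannot stat: {exc.strerror}"
    if not stat.S_ISREG(st.st_mode):
        return False, "not a regular file"
    if not st.st_mode & stat.S_IXUSR:
        return False, "owner execute bit not set"
    # Assumption added for this example (not proposed in the thread):
    # also refuse files that any other local user could rewrite.
    if st.st_mode & stat.S_IWOTH:
        return False, "world-writable"
    return True, "ok"


def demo():
    """Create constructed sample files and return the decision for each."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed cases: a plain download, a deliberately executable
        # script, and an executable script that anyone may modify.
        cases = {"downloaded.py": 0o644, "tool.py": 0o755, "shared.py": 0o757}
        for name, mode in cases.items():
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write("print('hello')\n")
            os.chmod(path, mode)
            results[name] = launch_decision(path)
        results["a_directory"] = launch_decision(tmp)
    return results


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:15} {'RUN' if ok else 'REFUSE':6} {why}")
```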