Author brian.curtin
Recipients brian.curtin, kindloaf
Date 2010-03-01.15:45:53
SpamBayes Score 1.71936e-07
Marked as misclassified No
Message-id <1267458356.51.0.0674148191594.issue5802@psf.upfronthosting.co.za>
In-reply-to
Content
Even if we changed the ACL of the executable, any user could still add malicious code to be executed on import, as the C:\PythonXY directory doesn't require specific privileges for writing to it, and it shouldn't by default. When installed to "C:\Program Files", certain privileges are required to install anything, so regular users can't install third party code or swap out the interpreter. 

If you need the added security, you are more than welcome to choose to install Python to a more secure location. Defaulting to "C:\Program Files" isn't necessary.

See also: issues #1074873 and #818030
History
Date User Action Args
2010-03-01 15:45:56brian.curtinsetrecipients: + brian.curtin, kindloaf
2010-03-01 15:45:56brian.curtinsetmessageid: <1267458356.51.0.0674148191594.issue5802@psf.upfronthosting.co.za>
2010-03-01 15:45:54brian.curtinlinkissue5802 messages
2010-03-01 15:45:53brian.curtincreate