Message172736
The fact that Python's own testsuite tripped over this proves that this is subtle enough to merit some special handling.
1) It is not, and has never been, a good idea to run/compile anything off /tmp. This isn't specific to Python, it is just common sense that you don't hand over control of directory contents to others.
2) Removing /tmp from sys.path upon startup is not enough to guarantee safety. Many Python modules will happily add it back. Just as a random example, see profile.py: "sys.path.insert(0, os.path.dirname(progname))". The aim of the patch should be to warn the user of the dangers of running code in /tmp, not trying to make it safe (and, therefore, implicitly encouraging it).
3) The patch is too restrictive in my opinion, it rules out some plausible and perfectly safe use cases. For example, root owns directory and wheel owns Python script. Or sharing a group with a trusted user. Just disallowing o+w would be enough to save the unwary from executing in /tmp. |
|
Date |
User |
Action |
Args |
2012-10-12 10:02:26 | vbraun | set | recipients:
+ vbraun, christian.heimes, schmir, robertwb, Arfrever, jdemeyer, Alan.Williams |
2012-10-12 10:02:26 | vbraun | set | messageid: <1350036146.5.0.546026889315.issue16202@psf.upfronthosting.co.za> |
2012-10-12 10:02:26 | vbraun | link | issue16202 messages |
2012-10-12 10:02:26 | vbraun | create | |
|