Message174460
As Zachary and Ramchandra explained, the security issue is obvious: a non-sudoer user A can make a sudoer user B execute arbitrary code, simply by placing a file where IDLE will be run from.
This is the same reason Python has -s and -E options. The least we could do would be to disable readprofile() when sys.flags.ignore_environment is true. |
|
Date |
User |
Action |
Args |
2012-11-01 19:55:34 | pitrou | set | recipients:
+ pitrou, terry.reedy, mark.dickinson, gpolo, Arfrever, asvetlov, Ramchandra Apte, zach.ware |
2012-11-01 19:55:34 | pitrou | set | messageid: <1351799734.1.0.290662731143.issue16248@psf.upfronthosting.co.za> |
2012-11-01 19:55:34 | pitrou | link | issue16248 messages |
2012-11-01 19:55:33 | pitrou | create | |
|