Author christian.heimes
Recipients barry, christian.heimes, lemburg
Date 2012-11-18.14:26:10
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1353248771.63.0.703024605939.issue16499@psf.upfronthosting.co.za>
In-reply-to
Content
I like to propose a new option for the Python interpreter:

  python -I

It shall start the interpreter in isolated mode which ignores any
environment variables set by the user and any files installed by the
user. The mode segregates a Python program from anything an unprivileged
user is able to modify and uses only files that are installed by a
system administrator.

The isolated mode implies -E (ignore all PYTHON* environment vars) and
-s (don't add user site directory). It also refrains from the inclusion
of '' or getcwd() to sys.path. TKinter doesn't load and execute Python
scripts from the user's home directory. Other parts of the stdlib should
be checked, too.

The option is intended for OS and application scripts that don't want
to become affected by user installed files or files in the current
working path of a user.

The idea is motivated by a couple of bug reports, for example:

https://bugs.launchpad.net/bugs/938869  lsb_release crashed with SIGABRT in Py_FatalError()

http://bugs.python.org/issue16202  sys.path[0] security issues

http://bugs.python.org/issue16248  Security bug in tkinter allows for untrusted, arbitrary code execution.

---

The idea has been discussed at http://mail.python.org/pipermail/python-ideas/2012-November/017766.html.
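As an added illustration (not part of the bug report or of CPython itself), the following script audits an interpreter against the three properties the proposal describes: the -E and -s flags are in effect, no '' or getcwd() entry sits on sys.path, and PYTHON* environment variables are not honoured. It assumes the sys.flags.isolated attribute that later Python versions expose for this option; the sample flag objects and path lists are constructed for the demonstration, and the subprocess probe at the bottom only runs when the file is executed directly.

```python
import json
import os
import subprocess
import sys
import types

# Flags the proposal says isolated mode implies: -E (ignore_environment),
# -s (no_user_site), plus the isolated flag itself (assumed name, sys.flags.isolated).
IMPLIED_FLAGS = ("ignore_environment", "no_user_site", "isolated")

# Constructed stand-ins for what sys.flags reports with and without the option.
ISOLATED_FLAGS = types.SimpleNamespace(ignore_environment=1, no_user_site=1, isolated=1)
DEFAULT_FLAGS = types.SimpleNamespace(ignore_environment=0, no_user_site=0, isolated=0)


def unsafe_path_entries(path_entries, cwd):
    """Return the sys.path entries that resolve to the current working
    directory: '' (which the import system treats as cwd) and any entry,
    relative or absolute, that names cwd itself."""
    cwd = os.path.normpath(os.path.abspath(cwd))
    bad = []
    for entry in path_entries:
        if entry == "":
            bad.append(entry)
            continue
        # Relative entries are resolved against the audited cwd, not ours.
        if os.path.normpath(os.path.join(cwd, entry)) == cwd:
            bad.append(entry)
    return bad


def isolation_problems(flags, path_entries, environ, cwd):
    """List every way the given interpreter state falls short of the isolation
    described in the proposal. An empty list means it is isolated."""
    problems = []
    for name in IMPLIED_FLAGS:
        if not getattr(flags, name, 0):
            problems.append("flag %s not set" % name)
    for entry in unsafe_path_entries(path_entries, cwd):
        problems.append("sys.path contains cwd entry %r" % entry)
    # PYTHON* variables only matter when the interpreter honours them (no -E).
    if not getattr(flags, "ignore_environment", 0):
        for var in sorted(environ):
            if var.startswith("PYTHON"):
                problems.append("environment variable %s would be honoured" % var)
    return problems


def probe_interpreter(extra_args):
    """Spawn this interpreter with extra_args and collect flags, sys.path and
    cwd from inside it as JSON (demo helper, used only under __main__)."""
    code = ("import json, os, sys;"
            "print(json.dumps({'flags': {n: getattr(sys.flags, n, 0) for n in %r},"
            " 'path': sys.path, 'cwd': os.getcwd()}))" % (IMPLIED_FLAGS,))
    out = subprocess.check_output([sys.executable] + list(extra_args) + ["-c", code])
    data = json.loads(out)
    return types.SimpleNamespace(**data["flags"]), data["path"], data["cwd"]


if __name__ == "__main__":
    # Compare a plain interpreter with one started using -I.
    for args in ([], ["-I"]):
        flags, path, cwd = probe_interpreter(args)
        found = isolation_problems(flags, path, os.environ, cwd)
        print("python %s: %s" % (" ".join(args) or "(no options)", found or "isolated"))
```

Run directly, the script shows a plain `python -c` session reporting the '' entry on sys.path and any PYTHON* variables in your environment, while the -I run reports nothing, which is the behaviour the proposal asks for.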
History
Date                User              Action          Args
2012-11-18 14:26:11 christian.heimes  setrecipients   + christian.heimes, lemburg, barry
2012-11-18 14:26:11 christian.heimes  setmessageid    <1353248771.63.0.703024605939.issue16499@psf.upfronthosting.co.za>
2012-11-18 14:26:11 christian.heimes  link            issue16499 messages
2012-11-18 14:26:10 christian.heimes  create