This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author steve.dower
Recipients brett.cannon, christian.heimes, eric.snow, ncoghlan, steve.dower
Date 2015-04-14.14:45:19
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1429022719.25.0.0685276960077.issue23947@psf.upfronthosting.co.za>
In-reply-to
Content 
There are some situations where the stdlib imports modules that could be absent, notably "import readline" in site.py. This import is expected to fail in some situations, but because sys.path is fully configured it can be importing arbitrary code.

To limit these imports to only installed packages, we could add a fake _stdlib module with __path__ set to a restricted set (approximately/exactly(?) what -I uses) and an importlib helper to import it and alias it in sys.modules.

Open question about what to do when a user has already imported their own module and it isn't the stdlib one. We discussed displaying a warning in this case.

If the import helper is private we should be able to backport to 2.7/3.4 easily enough.
History
Date User Action Args
2015-04-14 14:45:19steve.dowersetrecipients: + steve.dower, brett.cannon, ncoghlan, christian.heimes, eric.snow
2015-04-14 14:45:19steve.dowersetmessageid: <1429022719.25.0.0685276960077.issue23947@psf.upfronthosting.co.za>
2015-04-14 14:45:19steve.dowerlinkissue23947 messages
2015-04-14 14:45:19steve.dowercreate