This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author paul.moore
Recipients Alexander Riccio, brett.cannon, paul.moore, steve.dower, tim.golden, zach.ware
Date 2016-06-30.15:17:10
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1467299830.43.0.645477781103.issue26137@psf.upfronthosting.co.za>
In-reply-to
Content 
OK, so a 3rd party module providing a "safe_exec" function would make a good proof of concept, I assume. You could probably do that using comtypes or pywin32.

I'm not going to try to say what is or isn't a security threat, that's not my expertise. But I am puzzled as to why "use safe_exec rather than exec" isn't an option, but "use python with the malware scanning option enabled" is. Maybe it's like the Powershell execution policy model, though.

I still don't want it to scan my trusted scripts, though. More interpreter startup overhead? No thanks.

Anyway, thanks for the clarification. It's early days yet to be debating this level of detail, so I'll leave it there.
History
Date User Action Args
2016-06-30 15:17:10paul.mooresetrecipients: + paul.moore, brett.cannon, tim.golden, zach.ware, steve.dower, Alexander Riccio
2016-06-30 15:17:10paul.mooresetmessageid: <1467299830.43.0.645477781103.issue26137@psf.upfronthosting.co.za>
2016-06-30 15:17:10paul.moorelinkissue26137 messages
2016-06-30 15:17:10paul.moorecreate