This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author steve.dower
Recipients brett.cannon, christian.heimes, ncoghlan, steve.dower, vstinner
Date 2017-12-19.06:37:49
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1513665469.65.0.213398074469.issue32324@psf.upfronthosting.co.za>
In-reply-to
Content 
> A compromise would be to refuse to start on "python3 -I directory" to remain secure

What would that achieve, considering that "python3 -I directory/__main__.py" would let you start with exactly the same sys.path?[*]

The only change that might be of any value would be to resolve the path as early as possible so that an absolute path is added to sys.path[0]. 

Not adding the directory of the startup script is a breaking change with no security benefits -- it has to stay there. -I is not a protection against command-line arguments.

[*] On Windows, using the filename seems to resolve the directory while using just the directory name does not. I'm not sure why they aren't identical, and obviously I think they should be, but I'd expect the initialization work to streamline it (when getpath.c becomes sensible).
History
Date User Action Args
2017-12-19 06:37:49steve.dowersetrecipients: + steve.dower, brett.cannon, ncoghlan, vstinner, christian.heimes
2017-12-19 06:37:49steve.dowersetmessageid: <1513665469.65.0.213398074469.issue32324@psf.upfronthosting.co.za>
2017-12-19 06:37:49steve.dowerlinkissue32324 messages
2017-12-19 06:37:49steve.dowercreate