Author steve.dower
Recipients Anthony Sottile, Chris Billington, Ethan Smith, Ivan.Pozdeev, SilentGhost, __Vano, barry, brett.cannon, cheryl.sabella, christian.heimes, eric.smith, eric.snow, ionelmc, jaraco, mhammond, ncoghlan, pitrou, steve.dower, takluyver, terry.reedy, veky
Date 2019-02-23.00:51:23
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1550883083.37.0.0797427036048.issue33944@roundup.psfhosted.org>
In-reply-to
Content
I took a look at the docs PR, and honestly I don't even get what the "intended" uses of executable code are supposed to be.

The examples are "load 3rd-party import hooks, adjust PATH variable", but the only cases I can think of where you'd need to do these in a .pth file is where your module is a single file. As soon as you have a package with __init__.py, you have a file that can do exactly the same modifications before the module that needs it is imported.

I'd be inclined to limit the doc change to not provide any "valid" uses for this, and just discourage doing anything that takes a long time (most of the text in the PR is fine, IMHO).

And yeah, I'd like to see the arbitrary code execution "feature" removed too.

As for .pth files in general, I'm interested in the scenarios that caused Barry to have to do difficult debugging where "python -m site" wasn't able to help. If they all involved arbitrary code execution, then let's take out the right tumor. But if they somehow manipulated sys.path in a way that looking at sys.path doesn't reveal, then I'd like to know how.
History
Date User Action Args
2019-02-23 00:51:23steve.dowersetrecipients: + steve.dower, mhammond, barry, brett.cannon, terry.reedy, jaraco, ncoghlan, pitrou, eric.smith, christian.heimes, ionelmc, SilentGhost, __Vano, eric.snow, takluyver, veky, Ivan.Pozdeev, Anthony Sottile, Ethan Smith, cheryl.sabella, Chris Billington
2019-02-23 00:51:23steve.dowersetmessageid: <1550883083.37.0.0797427036048.issue33944@roundup.psfhosted.org>
2019-02-23 00:51:23steve.dowerlinkissue33944 messages
2019-02-23 00:51:23steve.dowercreate