Author ncoghlan
Recipients Anthony Sottile, Chris Billington, Ethan Smith, Ivan.Pozdeev, SilentGhost, __Vano, barry, brett.cannon, cheryl.sabella, christian.heimes, eric.smith, eric.snow, ionelmc, jaraco, mhammond, ncoghlan, pitrou, steve.dower, takluyver, terry.reedy, veky
Date 2019-02-26.13:19:51
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1551187191.18.0.457726647182.issue33944@roundup.psfhosted.org>
In-reply-to
Content
Yep, I completely understand (and agree with) the desire to eliminate the code injection exploit that was introduced decades ago by using exec() to run lines starting with "import " (i.e. "import sys; <arbitrary code goes here>").

I just don't want to lose the "add this location to sys.path" behaviour that exists for lines in pth files that *don't* start with "import ", since that has plenty of legitimate use cases, and the only downside of overusing it is an excessively long default sys.path (which has far more consistent and obvious symptoms than the arbitrary code execution case can lead to).
History
Date User Action Args
2019-02-26 13:19:51ncoghlansetrecipients: + ncoghlan, mhammond, barry, brett.cannon, terry.reedy, jaraco, pitrou, eric.smith, christian.heimes, ionelmc, SilentGhost, __Vano, eric.snow, takluyver, steve.dower, veky, Ivan.Pozdeev, Anthony Sottile, Ethan Smith, cheryl.sabella, Chris Billington
2019-02-26 13:19:51ncoghlansetmessageid: <1551187191.18.0.457726647182.issue33944@roundup.psfhosted.org>
2019-02-26 13:19:51ncoghlanlinkissue33944 messages
2019-02-26 13:19:51ncoghlancreate