This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author Anthony Sottile
Recipients Anthony Sottile, Chris Billington, Ivan.Pozdeev, Peter L3, SilentGhost, __Vano, barry, brett.cannon, cheryl.sabella, christian.heimes, eric.smith, eric.snow, ethan smith, ionelmc, jaraco, mhammond, ncoghlan, pitrou, steve.dower, takluyver, terry.reedy, veky
Date 2019-03-07.03:04:58
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1551927899.06.0.914050581164.issue33944@roundup.psfhosted.org>
In-reply-to
Content 
> > There was a single .pth file that I deemed "malicious" since it
completely breaks the `subprocess` module (`subprocess-run`)
>
> It only seems to set an attribute. What's wrong with that? Does the early
import of subprocess cause problems?

It assigns `subprocess.run`, which is an api in python3.5+.  In those versions, `subprocess.check_*` is implemented in terms of `subprocess.run`.   The `subprocess.run` provided by that package has a different api than the stdlib one so any use of the subprocess module is broken just by having that package installed
History
Date User Action Args
2019-03-07 03:04:59Anthony Sottilesetrecipients: + Anthony Sottile, mhammond, barry, brett.cannon, terry.reedy, jaraco, ncoghlan, pitrou, eric.smith, christian.heimes, ionelmc, SilentGhost, __Vano, eric.snow, takluyver, steve.dower, veky, Ivan.Pozdeev, ethan smith, cheryl.sabella, Chris Billington, Peter L3
2019-03-07 03:04:59Anthony Sottilesetmessageid: <1551927899.06.0.914050581164.issue33944@roundup.psfhosted.org>
2019-03-07 03:04:59Anthony Sottilelinkissue33944 messages
2019-03-07 03:04:58Anthony Sottilecreate