This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author larry
Recipients Tibor Csonka, anthonywee, eryksun, larry, lukasz.langa, miss-islington, ned.deily, paul.moore, steve.dower, tim.golden, vstinner, zach.ware
Date 2020-07-20.20:18:21
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1595276302.55.0.713676350952.issue29778@roundup.psfhosted.org>
In-reply-to
Content
I still don't understand why this is considered a Python security problem.  If the user can put a malicious "python3.dll" at some arbitrary spot in the filesystem (e.g. a USB flash drive), and fool Python.exe into loading it, then surely they could put an arbitrary executable at that same spot and launch it directly.  And that seems way more straightforward.  Why would anyone bother with this?
History
Date User Action Args
2020-07-20 20:18:22larrysetrecipients: + larry, paul.moore, vstinner, tim.golden, ned.deily, lukasz.langa, zach.ware, eryksun, steve.dower, Tibor Csonka, miss-islington, anthonywee
2020-07-20 20:18:22larrysetmessageid: <1595276302.55.0.713676350952.issue29778@roundup.psfhosted.org>
2020-07-20 20:18:22larrylinkissue29778 messages
2020-07-20 20:18:21larrycreate