Message387691
No, because I want to work with whatever version of Python the user puts there. Yes, I could search for "python3*.dll" and load the one I find, but I'm writing this in C, and I get a migraine whenever I have to write more than about 15 lines of C code these days :-)
It's not a big deal either way, though. That project turned out to be too much effort to be worth it, so it's now mostly just a proof-of-concept experiment.
> most of us consider a critical security vulnerability rather than a feature
:-) Given that my execution model is "run a user-supplied Python script with a user-supplied interpreter" I think any attacker has far easier ways of compromising things than hijacking python3.dll... |
|
Date |
User |
Action |
Args |
2021-02-25 22:48:22 | paul.moore | set | recipients:
+ paul.moore, tim.golden, zach.ware, eryksun, steve.dower, Elli Pirelli |
2021-02-25 22:48:22 | paul.moore | set | messageid: <1614293302.64.0.925308139769.issue29399@roundup.psfhosted.org> |
2021-02-25 22:48:22 | paul.moore | link | issue29399 messages |
2021-02-25 22:48:22 | paul.moore | create | |
|