Author pitrou
Recipients barry, benjamin.peterson, glyph, gregory.p.smith, iankko, loewis, pitrou, psss
Date 2009-05-05.23:03:37
Message-id <1241564731.10795.12.camel@localhost>
In-reply-to <1241557234.83.0.276883492451.issue5753@psf.upfronthosting.co.za>
Content
Hello Jan,

> 1, doesn't avoid the need to fix the issue (by calling
> "PySys_SetArgvEx(argc, argv, 0);") in all current applications embedding
> Python,

As you said yourself, we don't want to break backwards compatibility for
C API users -- especially between two minor versions such as 2.6.2 and
2.6.3. The current behaviour is certainly by design, otherwise it
wouldn't be so complicated.

Besides, the patch you proposed is fragile as it relies on a hard-coded
value for the executable name, and it also complexifies the behaviour
even more. I don't think we should apply it in core Python. On the other
hand, adding an /explicit/ option in the API minimizes the risk for
confusion and signals clearly that an alternative is available.

> I don't think
> we can just rely on the fact that the developers will use it in a safe
> way in the future

Well, you can always shoot yourself in the foot in C, even without using
the Python API. The patch just provides a practical way for
Python-embedding applications to be safer. Then, it's up to application
developers to do their job.

> Wouldn't it be possible to fix it 'only in Python' and prevent such
> potential future malicious (mis)uses?

AFAICT, not without risking breaking compatibility for perfectly
well-behaved apps which would rely on the current behaviour.
History
Date                 User    Action  Args
2009-05-05 23:03:40  pitrou  set     recipients: + pitrou, loewis, barry, gregory.p.smith, benjamin.peterson, glyph, psss, iankko
2009-05-05 23:03:38  pitrou  link    issue5753 messages
2009-05-05 23:03:37  pitrou  create