Message336662
| Author | ncoghlan |
|---|
| Recipients | Anthony Sottile, Chris Billington, Ivan.Pozdeev, SilentGhost, __Vano, barry, brett.cannon, cheryl.sabella, christian.heimes, eric.smith, eric.snow, ethan smith, ionelmc, jaraco, mhammond, ncoghlan, pitrou, steve.dower, takluyver, terry.reedy, veky |
|---|
| Date | 2019-02-26.13:19:51 |
|---|
| SpamBayes Score | -1.0 |
|---|
| Marked as misclassified | Yes |
|---|
| Message-id | <1551187191.18.0.457726647182.issue33944@roundup.psfhosted.org> |
|---|
| In-reply-to | |
|---|
| Content |
|---|
Yep, I completely understand (and agree with) the desire to eliminate the code injection exploit that was introduced decades ago by using exec() to run lines starting with "import " (i.e. "import sys; <arbitrary code goes here>").I just don't want to lose the "add this location to sys.path" behaviour that exists for lines in pth files that *don't* start with "import ", since that has plenty of legitimate use cases, and the only downside of overusing it is an excessively long default sys.path (which has far more consistent and obvious symptoms than the arbitrary code execution case can lead to). |
| History |
|---|
| Date | User | Action | Args |
|---|
| 2019-02-26 13:19:51 | ncoghlan | set | recipients: +ncoghlan,mhammond,barry,brett.cannon,terry.reedy,jaraco,pitrou,eric.smith,christian.heimes,ionelmc,SilentGhost,__Vano,eric.snow,takluyver,steve.dower,veky,Ivan.Pozdeev,Anthony Sottile,ethan smith,cheryl.sabella,Chris Billington | | 2019-02-26 13:19:51 | ncoghlan | set | messageid: <1551187191.18.0.457726647182.issue33944@roundup.psfhosted.org> | | 2019-02-26 13:19:51 | ncoghlan | link | issue33944 messages | | 2019-02-26 13:19:51 | ncoghlan | create | |
| 
➜