Message336662
| Author |
ncoghlan |
| Recipients |
Anthony Sottile, Chris Billington, Ivan.Pozdeev, SilentGhost, __Vano, barry, brett.cannon, cheryl.sabella, christian.heimes, eric.smith, eric.snow, ethan smith, ionelmc, jaraco, mhammond, ncoghlan, pitrou, steve.dower, takluyver, terry.reedy, veky |
| Date |
2019年02月26日.13:19:51 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1551187191.18.0.457726647182.issue33944@roundup.psfhosted.org> |
| In-reply-to |
| Content |
Yep, I completely understand (and agree with) the desire to eliminate the code injection exploit that was introduced decades ago by using exec() to run lines starting with "import " (i.e. "import sys; <arbitrary code goes here>").
I just don't want to lose the "add this location to sys.path" behaviour that exists for lines in pth files that *don't* start with "import ", since that has plenty of legitimate use cases, and the only downside of overusing it is an excessively long default sys.path (which has far more consistent and obvious symptoms than the arbitrary code execution case can lead to). |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2019年02月26日 13:19:51 | ncoghlan | set | recipients:
+ ncoghlan, mhammond, barry, brett.cannon, terry.reedy, jaraco, pitrou, eric.smith, christian.heimes, ionelmc, SilentGhost, __Vano, eric.snow, takluyver, steve.dower, veky, Ivan.Pozdeev, Anthony Sottile, ethan smith, cheryl.sabella, Chris Billington |
| 2019年02月26日 13:19:51 | ncoghlan | set | messageid: <1551187191.18.0.457726647182.issue33944@roundup.psfhosted.org> |
| 2019年02月26日 13:19:51 | ncoghlan | link | issue33944 messages |
| 2019年02月26日 13:19:51 | ncoghlan | create |
|