On 7 September 2017 at 20:02, Adrian Petrescu <[email protected]> wrote: > Would that not be a security concern, if you can get Python to execute > arbitrary code just by setting an environment variable?
Not really, as once someone has write access to your process environment, you've already lost (they can mess with PYTHONIOENCODING, PYTHONPATH, LD_PRELOAD, OpenSSL certificate verification settings, and more). Cheers, Nick. -- Nick Coghlan | [email protected] | Brisbane, Australia _______________________________________________ Python-Dev mailing list [email protected] https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com