New submission from Christian Heimes:

I like to propose a new option for the Python interpreter:

  python -I

It shall start the interpreter in isolated mode which ignores any
environment variables set by the user and any files installed by the
user. The mode segregate a Python program from anything an unpriviliged
user is able to modify and uses only files that are installed by a
system adminstrator.

The isolated mode implies -E (ignore all PYTHON* environment vars) and
-s (don't add user site directory). It also refrains from the inclusion
of '' or getcwd() to sys.path. TKinter doesn't load and execute Python
scripts from the user's home directory. Other parts of the stdlib should
be checked, too.

The option is intended for OS and application scripts that doesn't want
to become affected by user installed files or files in the current
working path of a user.

The idea is motivated by a couple of bug reports, for example:  lsb_release crashed with SIGABRT
in Py_FatalError()  sys.path[0] security issues  Security bug in tkinter allows for
untrusted, arbitrary code execution.


The idea has been discussed at

assignee: christian.heimes
messages: 175874
nosy: barry, christian.heimes, lemburg
priority: normal
severity: normal
stage: patch review
status: open
title: CLI option for isolated mode
type: security
versions: Python 3.4

Python tracker <>
Python-bugs-list mailing list

Reply via email to