New submission from Steve Dower: There are some situations where the stdlib imports modules that could be absent, notably "import readline" in site.py. This import is expected to fail in some situations, but because sys.path is fully configured it can be importing arbitrary code.
To limit these imports to only installed packages, we could add a fake _stdlib module with __path__ set to a restricted set (approximately/exactly(?) what -I uses) and an importlib helper to import it and alias it in sys.modules. Open question about what to do when a user has already imported their own module and it isn't the stdlib one. We discussed displaying a warning in this case. If the import helper is private we should be able to backport to 2.7/3.4 easily enough. ---------- components: Library (Lib) messages: 240896 nosy: brett.cannon, christian.heimes, eric.snow, ncoghlan, steve.dower priority: normal severity: normal status: open title: Add mechanism to import stdlib package bypassing user packages versions: Python 2.7, Python 3.4, Python 3.5 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue23947> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
