Jan Claeys wrote:
> There should be a way for distro developers to make sure the users local
> 'site-packages' is *not* used when running those tools.
>
> I'd rather have to set/uncomment an environment variable on my system
> than having 100 "normal" users break their systems accidentally... ;-)
"#!/usr/bin/env python -E -s" doesn't work on most Unices. [1] I came up
with two possible solutions. Both depend on a new 'paranoid' flag -P
which disables several features like PYTHON* env vars, inspect
interactively, user site directory and the '' in sys.path.
* Create a new, minimal Python executable which sets Py_ParanoidFlag to
a true value and calls Py_Main(). The new executable is to be named
pythons2.x (python secure).
* Add a new source flag "# -*- py-paranoid -*-" which must be in the
second or third line of a script. Modules/main.c:Py_Main() checks for
the flag around line 430.
A rough Python version of the C code could look like:
def find_paranoid(fname):
if not os.path.isfile(fname):
return
data = open(fname).read(4096)
if not data.startswith("#!"):
return
for i in (1, 2):
data = data[data.find('\n'):]
if data.startswith("# -*- py-paranoid -*-"):
return True
return False
Christian
[1] Cygwin discussion thread about #! env
http://www.cygwin.com/ml/cygwin/2002-02/msg00657.html/
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
