On Mon, Sep 1, 2014 at 11:34 PM, Antoine Pitrou <solip...@pitrou.net> wrote: > On Mon, 1 Sep 2014 23:24:39 +1000 > Chris Angelico <ros...@gmail.com> wrote: >> On Mon, Sep 1, 2014 at 10:41 PM, Antoine Pitrou <anto...@python.org> wrote: >> > Not sure why. Just put another module named "ssl" in sys.modules directly. >> > You can also monkeypatch the genuine ssl module. >> >> That has to be done inside the same process. But imagine this >> scenario: You have a program that gets invoked as root (or some other >> user than yourself), and you're trying to fiddle with what it sees. >> You don't have root access, but you can manipulate the file system, to >> the extent that your userid has access. What can you do to affect this >> other program? > > If you're root you shouldn't run untrusted code. See > https://docs.python.org/3/using/cmdline.html#cmdoption-I
Right, which is why sslcustomize has to be controlled by that, but the possibility of patching (or monkeypatching) ssl.py isn't as big a deal. ChrisA _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
