On 7 September 2017 at 20:02, Adrian Petrescu <apetr...@gmail.com> wrote: > Would that not be a security concern, if you can get Python to execute > arbitrary code just by setting an environment variable?
Not really, as once someone has write access to your process environment, you've already lost (they can mess with PYTHONIOENCODING, PYTHONPATH, LD_PRELOAD, OpenSSL certificate verification settings, and more). Cheers, Nick. -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
