On 20 September 2016 at 12:12, אלעזר <elaz...@gmail.com> wrote:
> Moreover, being able to do it programmatically is a security risk, since it
> requires elevated privileges that I don't know how to drop, and most people
> will not think about doing, but a library implementation will.
> So if someone uses subprocess.run(), and the system asks the user for
> elevated privileges, a bug in later code can easily cause serious harm
> instead of failing. Yes, untrusted code should be sandboxed - but it isn't,
> more often than not.

It's not possible to gain elevated privileges without asking the user
(certainly not on Windows, and I don't believe so on Unix). So what
you're talking about is getting people used to the idea that running a
script they grabbed off the internet would ask them to run it
elevated, and they should agree. That sounds to me like a very
dangerous lesson to be teaching.

(rwt gets round this by installing dependencies to a temporary
location for the duration of the script. I *really* recommend that you
look into it if you haven't already).

Python-ideas mailing list
Code of Conduct: http://python.org/psf/codeofconduct/

Reply via email to