On Oct 30, 2019, at 16:17, Brendan Barnwell <brenb...@brenbarn.net> wrote:
> 
>    There's nothing new about that either, though.  Any imported module can 
> already monkeypatch a stdlib module to add such typo-names and map them to 
> malicious functions.

Well, for that attack to work you have to get the user to import your module 
(or otherwise write some code); for Paul’s attack on the proposed feature you 
only have to get them to save a file somewhere on sys.path.

However, the easiest way to do that is probably to get them to save the file in 
the script directory—and if you can do that, you can already shadow any stdlib 
or other module completely.
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/Q6US52IO5WR4FPGSOQ5MVOVS2RBIILKX/
Code of Conduct: http://python.org/psf/codeofconduct/

Reply via email to