On Oct 30, 2019, at 16:17, Brendan Barnwell <brenb...@brenbarn.net> wrote: > > There's nothing new about that either, though. Any imported module can > already monkeypatch a stdlib module to add such typo-names and map them to > malicious functions.
Well, for that attack to work you have to get the user to import your module (or otherwise write some code); for Paul’s attack on the proposed feature you only have to get them to save a file somewhere on sys.path. However, the easiest way to do that is probably to get them to save the file in the script directory—and if you can do that, you can already shadow any stdlib or other module completely. _______________________________________________ Python-ideas mailing list -- python-ideas@python.org To unsubscribe send an email to python-ideas-le...@python.org https://mail.python.org/mailman3/lists/python-ideas.python.org/ Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/Q6US52IO5WR4FPGSOQ5MVOVS2RBIILKX/ Code of Conduct: http://python.org/psf/codeofconduct/
