[issue1284316] Win32: Security problem with default installation directory

Jason R. Coombs added the comment: For those installing Python 2.7, I share here for others the [Powershell module](https://www.dropbox.com/s/62m9easad0iakat/python.ps1?dl=0) I include in my profile. With this module loaded, `get-python-ver 2.7.14` installs Python 2.7.14 64-bit to "C:\Program

[issue1284316] Win32: Security problem with default installation directory

Changes by Mark Lawrence : -- nosy: -BreamoreBoy ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mai

[issue1284316] Win32: Security problem with default installation directory

Steve Dower added the comment: Changing the default install directory in a maintenance release is not okay. Users who are concerned about security can change the install directory, and bugs that arise as a result will be considered on their own merits. Alternatively, you can obtain Python 2.7

[issue1284316] Win32: Security problem with default installation directory

Samuel Bronson added the comment: Um, you know this still affects Python 2.7 right? Yes, I realize that it's not going to be very practical to change the default installation path for 2.7, but that doesn't make the issue disappear, nor is that the only way to close the hole. Which is to say,

[issue1284316] Win32: Security problem with default installation directory

Steve Dower added the comment: Closing this as fixed, as the discussions I've had at PyCon have largely suggested that the fix I've implemented is good. In short: * the default (obvious) install will be per-user only into %LocalAppData%\Programs\Python\Python35 - fully modifiable by whoever in

[issue1284316] Win32: Security problem with default installation directory

Steve Dower added the comment: I'll reassign this to me, as I'm looking into making Program Files the default location for 3.5. I'd like to release at least some of the alphas with the change active by default (i.e. it's easy to select the old directory) to get broader feedback. So far I have

[issue1284316] Win32: Security problem with default installation directory

Changes by Brian Curtin : -- nosy: -brian.curtin ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mai

[issue1284316] Win32: Security problem with default installation directory

eryksun added the comment: >> As mentioned before, many packages can not handle paths with >> spaces. > > This is "common knowledge", yet may not be true anymore. Well, see issue 21699. pip 1.5.6 is still using distlib 0.1.8, so the executable wrappers it creates are broken when the path to

[issue1284316] Win32: Security problem with default installation directory

Georg Brandl added the comment: > As mentioned before, many packages can not handle paths with spaces. This is "common knowledge", yet may not be true anymore. See this recent python-dev thread: https://mail.python.org/pipermail/python-dev/2014-September/136434.html -- _

[issue1284316] Win32: Security problem with default installation directory

Friedrich Spee von Langenfeld added the comment: As mentioned before, many packages can not handle paths with spaces. I suppose that it is because of lacking knowledge on how to prevent such bugs. What would you think? Should this piece of information be in our documentation? Or is it already

[issue1284316] Win32: Security problem with default installation directory

Georg Brandl added the comment: Nobody doubts that pinging old issues helps getting some of them closed. But messages like msg228480 sound a bit pretentious, that's what Antoine is referring to. -- nosy: +georg.brandl ___ Python tracker

[issue1284316] Win32: Security problem with default installation directory

Mark Lawrence added the comment: Pardon me for breathing. As you clearly don't like the way I work would you be so kind as to reopen the issues that I've helped close in the last few months. It might bugger the stats on the bug tracker but hey ho. --

[issue1284316] Win32: Security problem with default installation directory

Antoine Pitrou added the comment: Mark Lawrence, please stop acting like you are the project leader. If you want to make concrete contributions to Python, you're welcome. But we don't need your project management guidance. -- nosy: +pitrou ___ Pytho

[issue1284316] Win32: Security problem with default installation directory

Mark Lawrence added the comment: I'm concerned that 3.5 is creeping ever closer and I wouldn't like to see work done on the installer backed out at the 11th hour because there has been no agreement here. Does this need a discussion on python-dev? For that matter has there been one already th

[issue1284316] Win32: Security problem with default installation directory

Jason R. Coombs added the comment: I still disagree. If the preferable place for Python to be installed is not in the root (and I fervently feel so), then there could be a transitional approach to move it to the appropriate place, such as creating symbolic links from the legacy destinations (a

[issue1284316] Win32: Security problem with default installation directory

Giampaolo Rodola' added the comment: If on one hand I agree that Python being in C:\PythonXX is not optimal for all the reasons which have been mentioned so far, changing such an old established aspect of the interpreter would be too much disruptive as a change. To say one, being that on Window

[issue1284316] Win32: Security problem with default installation directory

Changes by Giampaolo Rodola' : -- nosy: +giampaolo.rodola versions: +Python 3.5 ___ Python tracker ___ ___ Python-bugs-list mailing

[issue1284316] Win32: Security problem with default installation directory

Changes by Steve Dower : -- nosy: +steve.dower ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.p

[issue1284316] Win32: Security problem with default installation directory

Changes by Antoine Pitrou : -- nosy: +tim.golden ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.

[issue1284316] Win32: Security problem with default installation directory

Changes by Ezio Melotti : -- versions: +Python 3.3, Python 3.4 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue1284316] Win32: Security problem with default installation directory

Gynvael Coldwind added the comment: (since Issue 10491 is superseded by this one, I'll reply here) As I've said in issue 10491, in my opinion this is not a case of frustrating users because they have to elevate the console (I think they have to do that in case of UAC anyway), but a case of pr

[issue1284316] Win32: Security problem with default installation directory

Mark Hammond added the comment: Another consideration here will be how distutils will work in a python with restricted permissions - the pattern of "just run 'setup.py install'" will not work unless it is done from an elevated command-prompt. As I expect this would frustrate people we'd need

[issue1284316] Win32: Security problem with default installation directory

Fran Rogers added the comment: I'd like to concur that Python should install to %ProgramFiles% by default. The root-directory default is particularly anomalous on 64-bit Windows, where you have separate 64- and 32-bit Program Files directories; if I have a Python installation in "C:\Python26"

[issue1284316] Win32: Security problem with default installation directory

Martin v. Löwis added the comment: > Martin: Would it be sufficient to copy the ACLs from %programfiles%, > or would it be better to hard-code the permissions from > %programfiles% from a known standard configuration? Is it known if > the ACLs on %programfiles% in WinXP differ from later platfor

[issue1284316] Win32: Security problem with default installation directory

Jason R. Coombs added the comment: Martin: Would it be sufficient to copy the ACLs from %programfiles%, or would it be better to hard-code the permissions from %programfiles% from a known standard configuration? Is it known if the ACLs on %programfiles% in WinXP differ from later platforms? W

[issue1284316] Win32: Security problem with default installation directory

Martin v. Löwis added the comment: I propose that people in favor of changing the default install location write a PEP proposing that this be done. Notice that this is independent of the issue at hand, which is about the ACLs on c:\pythonXY. I have tried fixing it, and failed so far. ---

[issue1284316] Win32: Security problem with default installation directory

Michael Foord added the comment: I've tried installations of Python to Program Files in recent years (Python 2.4 and 2.5) and found many scripts/tools unable to cope with the space in the path. I always ended up reinstalling. (Usually using sys.executable in conjunction with calling out to sh

[issue1284316] Win32: Security problem with default installation directory

Jason R. Coombs added the comment: I personally make heavy use of the command line and continue to install python to %ProgramFiles%. I find the space in the pathname to be a non-issue. After %programfiles%\Python26 and %programfiles%\Python26\Scripts are added to the path, and .py is added to

[issue1284316] Win32: Security problem with default installation directory

Changes by Brian Curtin : -- nosy: +brian.curtin ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.

[issue1284316] Win32: Security problem with default installation directory

Michael Foord added the comment: This is similar to an issue I reported to the security team (same underlying issue). My concern was that with an admin installed version of Python an arbitrary user can modify site.py, or create sitecustomize.py, and cause arbitrary code execution when the adm

[issue1284316] Win32: Security problem with default installation directory

R. David Murray added the comment: Note that Ezio and Flox have been improving the test suite and code to handle paths-with-spaces better. Perhaps we will eventually get to the point where it is possible to fix this, although Tim's point about python being a CLI/scripting tool remains. Or p

[issue1284316] Win32: Security problem with default installation directory

Changes by Daniel Diniz : -- stage: -> test needed type: -> security versions: +Python 2.7, Python 3.2 ___ Python tracker ___ ___

[issue1284316] Win32: Security problem with default installation directory

Changes by Mark Hammond <[EMAIL PROTECTED]>: -- nosy: +mhammond ___ Python tracker <[EMAIL PROTECTED]> ___ ___ Python-bugs-list maili

[issue1284316] Win32: Security problem with default installation directory

Jason R. Coombs <[EMAIL PROTECTED]> added the comment: +1 on using "Program Files" by default. In addition to the points mentioned above, there are other considerations. In 64-bit platforms (Windows XP x64 and Vista 64-bit), programs are segmented by their binary compatibility (C:\Program Files

[issue1284316] Win32: Security problem with default installation directory

Carl Karsten added the comment: Another reason to fix: perception. installing to the root looks like a hack. Installing to the proper place* looks professional. As for it being hard to type, either add it to PATH or put a .bat file in the path. I think vista even supports some sort of symli