Giles Thomas wrote:
Dino Viehland wrote:
But it seems like CPython is the one who's doing something wrong here.
Another data point; easy_install under CPython using Vista with UAC switched on tries to escalate permissions as you would expect -- the normal grey screen, "please enter an administrator's details" thing -- and then happily installs the egg under C:\PythonXX\lib\site-packages, owned by Administrator, with no read permissions for anyone else. So you then have to go and find it and manually change the permissions if you want to use it.

Somewhat orthogonal, but it does make it sound rather like the setup with CPython is accidental rather than by deliberate choice.


I doubt it can be accidental - I think the changed permissions would have to be done deliberately in the installer?

Historically Windows has made much less of a distinction between user and system installed programs. On the Mac I need to sudo to install into my *system* site-packages but not into the site-packages of a user installed version of Python.

I still see it as a question of usability rather than security. (I'm honestly not sure how creating a writable directory is a security issue?) If the default install location of IronPython makes installing and using Python packages with IronPython impossible for non-elevated users then that is an extreme misfeature.

Michael


Cheers,

Giles



--
http://www.ironpythoninaction.com/
http://www.voidspace.org.uk/blog


_______________________________________________
Users mailing list
Users@lists.ironpython.com
http://lists.ironpython.com/listinfo.cgi/users-ironpython.com

Reply via email to