gh-57684: Add -P cmdline option and PYTHONSAFEPATH env var (#31542)

Add the -P command line option and the PYTHONSAFEPATH environment
variable to not prepend a potentially unsafe path to sys.path.

* Add sys.flags.safe_path flag.
* Add PyConfig.safe_path member.
* Programs/_bootstrap_python.c uses config.safe_path=0.
* Update subprocess._optim_args_from_interpreter_flags() to handle
  the -P command line option.
* Modules/getpath.py sets safe_path to 1 if a "._pth" file is
  present.
Victor Stinner 2022-05-06 01:34:11 +02:00 committed by GitHub
parent f6dd14c653
commit ada8b6d1b1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
20 changed files with 174 additions and 35 deletions

@ -257,6 +257,8 @@ Miscellaneous options
Ignore all :envvar:`PYTHON*` environment variables, e.g.
:envvar:`PYTHONPATH` and :envvar:`PYTHONHOME`, that might be set.
See also the :option:`-P` and :option:`-I` (isolated) options.
.. cmdoption:: -i
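Review bot: The new "See also" line under -E does not say why -P matters here. Because -E ignores all PYTHON* environment variables, it also ignores PYTHONSAFEPATH, so anyone who relies on that variable and then adds -E gets the unsafe path prepended again unless -P is passed on the command line. Suggest spelling that out in this entry, for example "With -E, PYTHONSAFEPATH is ignored; pass -P to keep the unsafe path out of sys.path."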
@ -271,7 +273,9 @@ Miscellaneous options
.. cmdoption:: -I
Run Python in isolated mode. This also implies -E and -s.
Run Python in isolated mode. This also implies :option:`-E`, :option:`-P`
and :option:`-s` options.
In isolated mode :data:`sys.path` contains neither the script's directory nor
the user's site-packages directory. All :envvar:`PYTHON*` environment
variables are ignored, too. Further restrictions may be imposed to prevent
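Review bot: The unchanged sentence right after the edited line still says only that sys.path contains neither "the script's directory" nor the user's site-packages directory. That is narrower than what -P is documented to cover now that -I implies it: the current working directory for "python -m module", and the empty string for "python -c code" and the REPL. Suggest rewording that sentence to refer to the -P behaviour instead of restating one case of it, so the two descriptions cannot drift apart.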
@ -301,6 +305,23 @@ Miscellaneous options
Modify ``.pyc`` filenames according to :pep:`488`.
.. cmdoption:: -P
Don't prepend a potentially unsafe path to :data:`sys.path`:
* ``python -m module`` command line: Don't prepend the current working
directory.
* ``python script.py`` command line: Don't prepend the script's directory.
If it's a symbolic link, resolve symbolic links.
* ``python -c code`` and ``python`` (REPL) command lines: Don't prepend an
empty string, which means the current working directory.
See also the :envvar:`PYTHONSAFEPATH` environment variable, and :option:`-E`
and :option:`-I` (isolated) options.
.. versionadded:: 3.11
.. cmdoption:: -q
Don't display the copyright and version messages even in interactive mode.
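Review bot: In the "python script.py" bullet of the new -P entry, "If it's a symbolic link, resolve symbolic links." is ambiguous. With -P nothing is prepended, so the sentence reads as if symlink resolution were part of the -P behaviour, while it can only describe how the directory that would otherwise be prepended is computed. Suggest either dropping it from this entry or rephrasing it to make clear it describes the default (non -P) path, for example "Don't prepend the script's directory (the directory of the resolved target if the script is a symbolic link)." It would also help to state here that -P only affects this one prepended entry, since the entry does not say whether PYTHONPATH entries are still added.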
@ -583,6 +604,14 @@ conflict.
within a Python program as the variable :data:`sys.path`.
.. envvar:: PYTHONSAFEPATH
If this is set to a non-empty string, don't prepend a potentially unsafe
path to :data:`sys.path`: see the :option:`-P` option for details.
.. versionadded:: 3.11
.. envvar:: PYTHONPLATLIBDIR
If this is set to a non-empty string, it overrides the :data:`sys.platlibdir`
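Review bot: The PYTHONSAFEPATH entry says "If this is set to a non-empty string", which means values such as PYTHONSAFEPATH=0 or PYTHONSAFEPATH=false also enable the safe path behaviour. That matches the wording of the neighbouring variables, but for a security-relevant switch it is worth one explicit sentence so nobody assumes 0 turns it off. The entry should also note that the variable is ignored under -E and -I, given that the -E entry states that all PYTHON* variables are ignored.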