mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-04 08:59:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

gh-57684: Add -P cmdline option and PYTHONSAFEPATH env var (#31542)

Browse source 
Add the -P command line option and the PYTHONSAFEPATH environment
variable to not prepend a potentially unsafe path to sys.path.

* Add sys.flags.safe_path flag.
* Add PyConfig.safe_path member.
* Programs/_bootstrap_python.c uses config.safe_path=0.
* Update subprocess._optim_args_from_interpreter_flags() to handle
  the -P command line option.
* Modules/getpath.py sets safe_path to 1 if a "._pth" file is
  present.
This commit is contained in:
Victor Stinner 2022-05-06 01:34:11 +02:00 committed by GitHub
parent f6dd14c653
commit ada8b6d1b1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
20 changed files with 174 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

14
Misc/python.man
View file

@ -43,6 +43,9 @@ python \- an interpreted, interactive, object-oriented programming language
.B \-OO
]
[
.B \-P
]
[
.B \-s
]
[
@ -154,7 +157,7 @@ useful to inspect global variables or a stack trace when a script
raises an exception.
.TP
.B \-I
Run Python in isolated mode. This also implies \fB\-E\fP and \fB\-s\fP. In
Run Python in isolated mode. This also implies \fB\-E\fP, \fB\-P\fP and \fB\-s\fP. In
isolated mode sys.path contains neither the script's directory nor the user's
site-packages directory. All PYTHON* environment variables are ignored, too.
Further restrictions may be imposed to prevent the user from injecting
@ -177,6 +180,11 @@ adding .opt-1 before the .pyc extension.
Do \fB-O\fP and also discard docstrings; change the filename for
compiled (bytecode) files by adding .opt-2 before the .pyc extension.
.TP
.B \-P
Don't automatically prepend a potentially unsafe path to \fBsys.path\fP such
as the current directory, the script's directory or an empty string. See also the
\fBPYTHONSAFEPATH\fP environment variable.
.TP
.B \-q
Do not print the version and copyright messages. These messages are
also suppressed in non-interactive mode.
@ -398,6 +406,10 @@ needed for developing Python extensions and embedding the
interpreter.
.RE
.SH ENVIRONMENT VARIABLES
.IP PYTHONSAFEPATH
If this is set to a non-empty string, don't automatically prepend a potentially
unsafe path to \fBsys.path\fP such as the current directory, the script's
directory or an empty string. See also the \fB\-P\fP option.
.IP PYTHONHOME
Change the location of the standard Python libraries. By default, the
libraries are searched in ${prefix}/lib/python<version> and