| Store | Cart

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

From: Antoine Pitrou <soli...@pitrou.net>
Mon, 1 Sep 2014 15:34:30 +0200
On Mon, 1 Sep 2014 23:24:39 +1000
Chris Angelico <ros...@gmail.com> wrote:
> On Mon, Sep 1, 2014 at 10:41 PM, Antoine Pitrou <anto...@python.org> wrote:> > Not sure why. Just put another module named "ssl" in sys.modules directly.> > You can also monkeypatch the genuine ssl module.> > That has to be done inside the same process. But imagine this> scenario: You have a program that gets invoked as root (or some other> user than yourself), and you're trying to fiddle with what it sees.> You don't have root access, but you can manipulate the file system, to> the extent that your userid has access. What can you do to affect this> other program?

If you're root you shouldn't run untrusted code. See
https://docs.python.org/3/using/cmdline.html#cmdoption-I

Regards

Antoine.


_______________________________________________
Python-Dev mailing list
Pyth...@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: https://mail.python.org/mailman/options/python-dev/python-dev-ml%40activestate.com

Recent Messages in this Thread
Alex Gaynor Aug 29, 2014 07:47 pm
David Reid Aug 29, 2014 07:56 pm
M.-A. Lemburg Aug 29, 2014 08:00 pm
Ethan Furman Aug 29, 2014 08:07 pm
Nick Coghlan Aug 30, 2014 11:26 pm
Antoine Pitrou Aug 31, 2014 01:25 am
R. David Murray Aug 31, 2014 02:21 am
Nick Coghlan Aug 31, 2014 06:09 am
Donald Stufft Aug 31, 2014 06:16 am
Nick Coghlan Aug 31, 2014 06:45 am
Cory Benfield Aug 31, 2014 10:42 am
R. David Murray Aug 31, 2014 02:16 pm
Christian Heimes Aug 31, 2014 04:27 pm
Paul Moore Aug 31, 2014 05:03 pm
Antoine Pitrou Aug 31, 2014 05:29 pm
Paul Moore Aug 31, 2014 06:28 pm
Antoine Pitrou Aug 31, 2014 06:37 pm
Paul Moore Aug 31, 2014 07:12 pm
Antoine Pitrou Aug 31, 2014 08:15 pm
Paul Moore Aug 31, 2014 08:30 pm
Nick Coghlan Aug 31, 2014 09:41 pm
Antoine Pitrou Aug 31, 2014 09:53 pm
Christian Heimes Aug 31, 2014 09:59 pm
Christian Heimes Aug 31, 2014 08:16 pm
Christian Heimes Aug 31, 2014 09:43 pm
Nick Coghlan Aug 31, 2014 10:10 pm
R. David Murray Sep 01, 2014 01:10 am
Nick Coghlan Sep 01, 2014 06:05 am
Nick Coghlan Sep 02, 2014 10:12 pm
Paul Moore Sep 01, 2014 06:07 am
Nick Coghlan Sep 01, 2014 06:44 am
Christian Heimes Sep 01, 2014 07:13 am
Nick Coghlan Sep 01, 2014 08:09 am
Antoine Pitrou Sep 01, 2014 12:41 pm
Chris Angelico Sep 01, 2014 01:24 pm
Antoine Pitrou Sep 01, 2014 01:34 pm
Chris Angelico Sep 01, 2014 01:42 pm
Antoine Pitrou Sep 01, 2014 01:59 pm
Nick Coghlan Sep 01, 2014 02:53 pm
Antoine Pitrou Sep 01, 2014 02:57 pm
M.-A. Lemburg Sep 08, 2014 08:09 am
Donald Stufft Aug 31, 2014 10:15 pm
Nick Coghlan Sep 01, 2014 12:06 am
Nick Coghlan Aug 31, 2014 06:24 am
Christian Heimes Aug 31, 2014 05:23 pm
Donald Stufft Aug 29, 2014 08:10 pm
Donald Stufft Aug 29, 2014 09:11 pm
R. David Murray Aug 29, 2014 09:42 pm
Antoine Pitrou Aug 29, 2014 09:57 pm
Donald Stufft Aug 29, 2014 10:00 pm
R. David Murray Aug 29, 2014 10:57 pm
Antoine Pitrou Aug 29, 2014 09:55 pm
M.-A. Lemburg Aug 29, 2014 09:58 pm
Donald Stufft Aug 29, 2014 10:08 pm
Antoine Pitrou Aug 29, 2014 10:22 pm
Christian Heimes Aug 31, 2014 11:18 am
Alex Gaynor Aug 30, 2014 02:44 am
M.-A. Lemburg Aug 30, 2014 10:19 am
Antoine Pitrou Aug 30, 2014 10:40 am
M.-A. Lemburg Aug 30, 2014 10:46 am
Antoine Pitrou Aug 30, 2014 10:55 am
M.-A. Lemburg Aug 30, 2014 12:03 pm
R. David Murray Aug 30, 2014 01:32 pm
M.-A. Lemburg Aug 30, 2014 02:20 pm
Steve Dower Aug 30, 2014 02:24 pm
Barry Warsaw Aug 30, 2014 04:42 pm
Paul Moore Aug 30, 2014 10:48 am
Alex Gaynor Aug 30, 2014 03:22 pm
Paul Moore Aug 30, 2014 03:36 pm
Marko Rauhamaa Aug 30, 2014 04:17 pm
Christian Heimes Aug 30, 2014 05:21 pm
mar...@v.loewis.de Aug 30, 2014 08:03 pm
Stephen J. Turnbull Aug 31, 2014 05:53 am
Glyph Lefkowitz Sep 02, 2014 09:00 pm
Antoine Pitrou Sep 02, 2014 09:32 pm
Alex Gaynor Sep 02, 2014 10:16 pm
Antoine Pitrou Sep 02, 2014 10:25 pm
Nick Coghlan Sep 02, 2014 11:01 pm
David Reid Sep 02, 2014 11:06 pm
Nick Coghlan Sep 02, 2014 11:28 pm
Glyph Lefkowitz Sep 02, 2014 11:47 pm
Donald Stufft Sep 03, 2014 12:06 am
Antoine Pitrou Sep 03, 2014 12:19 am
Stephen J. Turnbull Sep 03, 2014 02:43 am
Cory Benfield Sep 03, 2014 08:26 am
Nick Coghlan Sep 03, 2014 10:34 am
Antoine Pitrou Sep 03, 2014 02:29 pm
Terry Reedy Sep 03, 2014 12:59 am
R. David Murray Sep 03, 2014 01:29 am
Antoine Pitrou Sep 03, 2014 02:31 pm
R. David Murray Sep 03, 2014 03:58 pm
Ethan Furman Sep 03, 2014 05:09 pm
Alex Gaynor Sep 03, 2014 05:15 pm
Ethan Furman Sep 03, 2014 05:29 pm
Christian Heimes Sep 03, 2014 07:07 pm
R. David Murray Sep 03, 2014 07:10 pm
Ethan Furman Sep 03, 2014 07:42 pm
Guido van Rossum Sep 03, 2014 05:54 pm
Antoine Pitrou Sep 03, 2014 06:37 pm
R. David Murray Sep 03, 2014 07:06 pm
Guido van Rossum Sep 03, 2014 07:11 pm
Nick Coghlan Sep 03, 2014 11:19 pm
Antoine Pitrou Sep 03, 2014 11:36 pm
Ethan Furman Sep 04, 2014 12:00 am
Ethan Furman Sep 04, 2014 12:17 am
Nick Coghlan Sep 04, 2014 03:11 am
Antoine Pitrou Sep 04, 2014 12:39 pm
Nick Coghlan Sep 04, 2014 01:31 pm
Donald Stufft Sep 03, 2014 06:39 pm
Christian Heimes Sep 03, 2014 07:26 pm
Guido van Rossum Sep 03, 2014 07:37 pm
Christian Heimes Sep 03, 2014 07:50 pm
Alex Gaynor Sep 03, 2014 08:37 pm
Benjamin Peterson Sep 03, 2014 11:10 pm
Nick Coghlan Sep 03, 2014 11:29 pm
Victor Stinner Sep 03, 2014 07:37 pm
Christian Heimes Sep 03, 2014 07:44 pm
Stephen J. Turnbull Sep 03, 2014 10:48 pm
Gregory P. Smith Sep 08, 2014 09:35 pm
Glyph Lefkowitz Sep 02, 2014 11:21 pm
R. David Murray Sep 02, 2014 11:20 pm
Christian Heimes Sep 02, 2014 10:41 pm
Nick Coghlan Sep 01, 2014 09:31 pm
Christian Heimes Sep 01, 2014 05:01 pm
Donald Stufft Sep 01, 2014 05:08 pm
Nick Coghlan Sep 01, 2014 03:35 pm
Donald Stufft Sep 01, 2014 04:48 pm
Messages in this thread