gh-57684: Document safe path in What's New in Python 3.11 (#92362)

Mention also -P and PYTHONSAFEPATH in the Security Considerations
page.
Victor Stinner 2022-05-06 04:53:00 +02:00 committed by GitHub
parent 329afe78c3
commit 5f29268283
2 changed files with 12 additions and 0 deletions


@ -32,3 +32,9 @@ The following modules have specific security considerations:
* :mod:`xml`: :ref:`XML vulnerabilities <xml-vulnerabilities>` * :mod:`xml`: :ref:`XML vulnerabilities <xml-vulnerabilities>`
* :mod:`zipfile`: :ref:`maliciously prepared .zip files can cause disk volume * :mod:`zipfile`: :ref:`maliciously prepared .zip files can cause disk volume
exhaustion <zipfile-resources-limitations>` exhaustion <zipfile-resources-limitations>`
The :option:`-I` command line option can be used to run Python in isolated
mode. When it cannot be used, the :option:`-P` option or the
:envvar:`PYTHONSAFEPATH` environment variable can be used to not prepend a
potentially unsafe path to :data:`sys.path` such as the current directory, the
script's directory or an empty string.
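Review bot: the added paragraph beginning "The :option:`-I` command line option" never says why the prepended entry is unsafe, and "When it cannot be used" leaves the reader unsure what is given up by falling back from -I to -P. On a Security Considerations page I would add one clause naming the risk: a file placed in the current directory or the script's directory can shadow a module the program intends to import. I would also state how -P relates to isolated mode, so the reader can tell whether it covers only the sys.path part. The phrase "can be used to not prepend" is awkward; "prevents Python from prepending" reads more cleanly.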


@ -79,6 +79,12 @@ New typing features:
* :pep:`673`: ``Self`` type. * :pep:`673`: ``Self`` type.
* :pep:`675`: Arbitrary literal string type. * :pep:`675`: Arbitrary literal string type.
Security improvements:
* New :option:`-P` command line option and :envvar:`PYTHONSAFEPATH` environment
variable to not prepend a potentially unsafe path to :data:`sys.path` such as
the current directory, the script's directory or an empty string.
New Features New Features
============ ============
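Review bot: the bullet under "Security improvements:" does not say that the behaviour is opt-in, so a reader skimming the summary could take it to mean the default sys.path handling changed in 3.11. Suggest wording it so the default is explicit, for example that sys.path is unchanged unless -P or PYTHONSAFEPATH is set. The sentence is also a word-for-word copy of the one added to the Security Considerations page in the other hunk; keeping this entry short and pointing at the :option:`-P` documentation for the details would stop the two copies drifting apart.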