[Pythonmac-SIG] Round 2 with Leopard+Python

Boyd Waters bwaters at nrao.edu
Fri Nov 2 14:05:55 PDT 2007


FYI:

On Leopard, "sudo" filters environment variables, including PYTHONPATH.


I have not tested this with MacPorts yet; I've been running MacPorts  
as a "normal" user without sudo. Will this matter for MacPorts?


> Running "sudo -V" as root shows sudo's settings; part of that is  
> environment variables that it will not pass on or that it will  
> check for dangerous content.


On Nov 2, 2007, at 2:59 PM, Boyd Waters wrote:

> One work-around is to add this line to /etc/sudoers:
>
> Defaults        env_keep += "PYTHONPATH"
>
>
>
> But that would involve editing a file in /etc as root.  
> Straightforward enough, but likely to get overwritten and what if  
> the user screws this up?
>
>
> So Plan B -
>
> what if you added something in a .pth file in
> /Library/Python/2.5/site-packages that re-orders the sys.path?
>
> Wouldn't that always work?
>
>
>
>
> On Nov 2, 2007, at 2:49 PM, Boyd Waters wrote:
>
>>
>> On Nov 2, 2007, at 10:16 AM, Brian Granger wrote:
>>
>>>  First, if you have set PYTHONPATH to point
>>> sys.path at the site-packages in /Library, this setting will be lost
>>> when you do:
>>>
>>> sudo python setup.py install
>>
>>
>> Ouch, another good one...
>>
>> This is almost certainly not a bug, but rather a security feature.
>>
>>> The administrator can add a line to the sudoers file:
>>>
>>> Defaults  env_reset
>>>
>>> that will reset the environment to only contain the variables  
>>> HOME, LOGNAME,
>>> PATH, SHELL, TERM, and USER, preventing this attack.
>>
>>
>>
>
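
An added example, not part of the original message: one way to check from "sudo -V" output whether a variable such as PYTHONPATH is on sudo's remove, check or preserve list. The sample text is constructed, and the heading wording it matches is an assumption that varies between sudo versions.

```python
import re

# Constructed sample in the layout "sudo -V" prints when run as root.
# It is not captured output; heading wording differs between sudo versions.
SAMPLE_SUDO_V = (
    "Sudoers path: /etc/sudoers\n"
    "Environment variables to check for sanity:\n"
    "\tLANGUAGE\n\tLANG\n\tLC_*\n"
    "Environment variables to remove:\n"
    "\tPYTHONPATH\n\tPYTHONINSPECT\n\tLD_*\n\tDYLD_*\n"
    "Environment variables to preserve:\n"
    "\tDISPLAY\n\tHOME\n"
)

# Assumed heading shape: "Environment variables to <check|remove|preserve> ...:"
HEADING = re.compile(r"^Environment variables to (check|remove|preserve)\b.*:\s*$")


def parse_env_lists(text):
    """Collect the indented variable patterns that follow each heading."""
    lists = {"check": [], "remove": [], "preserve": []}
    current = None
    for line in text.splitlines():
        m = HEADING.match(line)
        if m:
            current = m.group(1)
        elif current and line[:1] in (" ", "\t") and line.strip():
            lists[current].append(line.strip())
        else:
            current = None  # any other line ends the current list
    return lists


def _matches(name, pattern):
    """Match a variable name against a sudo pattern; '*' is the only wildcard."""
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, name) is not None


def classify(name, lists):
    """Return the sorted names of the lists whose patterns cover `name`."""
    return sorted(kind for kind, pats in lists.items()
                  if any(_matches(name, p) for p in pats))


if __name__ == "__main__":
    parsed = parse_env_lists(SAMPLE_SUDO_V)
    for var in ("PYTHONPATH", "DYLD_LIBRARY_PATH", "LC_ALL", "HOME", "EDITOR"):
        print(var, classify(var, parsed) or ["not listed"])
```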


