One of the wonderful things about Python is the ease with which you can start writing a script - just drop some code into a .py file, and run python my_file.py. Similarly it’s easy to get started with modularity: split my_file.py into my_app.py and my_lib.py, and you can import my_lib from my_app.py and start organizing your code into modules.

However, the details of the machinery that makes this work have some surprising, and sometimes very security-critical consequences: the more convenient it is for you to execute code from different locations, the more opportunities an attacker has to execute it as well...

Python needs a safe space to load code from

Here are three critical assumptions embedded in Python’s security model:

Every entry on sys.path is assumed to be a secure location from which it is safe to execute arbitrary code.

The directory where the “main...
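One way to check the first assumption on a given machine, as an added example that is not code from the original post: it audits each sys.path entry for the properties that would let someone else place code there. It assumes a POSIX system, the function names are hypothetical, and it inspects only the entry itself, not its parent directories.

```python
import os
import stat
import sys


def audit_path_entry(entry, trusted_uids=None):
    """Return a list of reasons why `entry` is unsafe to load code from."""
    if trusted_uids is None:
        trusted_uids = {0, os.getuid()}  # assumption: trust root and the current user
    reasons = []
    if not os.path.isabs(entry):
        # '' and '.' resolve against the current working directory at import
        # time, so whatever directory the user happens to be in is trusted.
        reasons.append("relative entry, resolves to the current directory")
    resolved = os.path.realpath(entry or os.curdir)
    try:
        st = os.stat(resolved)
    except OSError:
        return reasons  # a missing entry (e.g. an absent stdlib zip) has nothing to stat
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        reasons.append("writable by group or other: mode %o" % stat.S_IMODE(st.st_mode))
    if st.st_uid not in trusted_uids:
        reasons.append("owned by untrusted uid %d" % st.st_uid)
    return reasons


def audit_sys_path(paths=None):
    """Map each risky entry to its findings; entries with no findings are omitted."""
    findings = {}
    for entry in (sys.path if paths is None else paths):
        reasons = audit_path_entry(entry)
        if reasons:
            findings[entry] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in audit_sys_path().items():
        print(repr(entry))
        for reason in reasons:
            print("   -", reason)
```

Run it with the same interpreter and from the same working directory as the program you care about, since both change what sys.path contains.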
Me, Mine and Myself