diff options
author | Victor Stinner <vstinner@python.org> | 2022-05-06 02:53:00 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-06 02:53:00 (GMT) |
commit | 5f29268283aba12d4f2c83cab4966286e0ac5128 (patch) | |
tree | 9a89d91965ee5ee8d9d6e76e071e2181d521f089 /Doc/library/security_warnings.rst | |
parent | 329afe78c3bbc234492a53f7a4084d07e215a077 (diff) | |
download | cpython-5f29268283aba12d4f2c83cab4966286e0ac5128.zip cpython-5f29268283aba12d4f2c83cab4966286e0ac5128.tar.gz cpython-5f29268283aba12d4f2c83cab4966286e0ac5128.tar.bz2 |
gh-57684: Document safe path in What's New in Python 3.11 (#92362)
Mention also -P and PYTHONSAFEPATH in the Security Considerations
page.
Diffstat (limited to 'Doc/library/security_warnings.rst')
-rw-r--r-- | Doc/library/security_warnings.rst | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Doc/library/security_warnings.rst b/Doc/library/security_warnings.rst index 26b015c..f985dc4 100644 --- a/Doc/library/security_warnings.rst +++ b/Doc/library/security_warnings.rst @@ -32,3 +32,9 @@ The following modules have specific security considerations: * :mod:`xml`: :ref:`XML vulnerabilities <xml-vulnerabilities>` * :mod:`zipfile`: :ref:`maliciously prepared .zip files can cause disk volume exhaustion <zipfile-resources-limitations>` + +The :option:`-I` command line option can be used to run Python in isolated +mode. When it cannot be used, the :option:`-P` option or the +:envvar:`PYTHONSAFEPATH` environment variable can be used to not prepend a +potentially unsafe path to :data:`sys.path` such as the current directory, the +script's directory or an empty string. |