diff options
| author | Victor Stinner <vstinner@python.org> | 2022-05-05 23:34:11 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-05 23:34:11 (GMT) |
| commit | ada8b6d1b1b02ae7c38f161c2a0ad866559fe18b (patch) | |
| tree | 2da5c4813d3cf360a121a49268aa9fd2c9fe3cbb /Doc/using | |
| parent | f6dd14c65336cda4e2ebccbc6408dfe3b0a68a34 (diff) | |
| download | cpython-ada8b6d1b1b02ae7c38f161c2a0ad866559fe18b.zip cpython-ada8b6d1b1b02ae7c38f161c2a0ad866559fe18b.tar.gz cpython-ada8b6d1b1b02ae7c38f161c2a0ad866559fe18b.tar.bz2 | |
gh-57684: Add -P cmdline option and PYTHONSAFEPATH env var (#31542)
Add the -P command line option and the PYTHONSAFEPATH environment
variable to not prepend a potentially unsafe path to sys.path.
* Add sys.flags.safe_path flag.
* Add PyConfig.safe_path member.
* Programs/_bootstrap_python.c uses config.safe_path=0.
* Update subprocess._optim_args_from_interpreter_flags() to handle
the -P command line option.
* Modules/getpath.py sets safe_path to 1 if a "._pth" file is
present.
Diffstat (limited to 'Doc/using')
| -rw-r--r-- | Doc/using/cmdline.rst | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/Doc/using/cmdline.rst b/Doc/using/cmdline.rst index d341ea8..668459f 100644 --- a/Doc/using/cmdline.rst +++ b/Doc/using/cmdline.rst @@ -257,6 +257,8 @@ Miscellaneous options Ignore all :envvar:`PYTHON*` environment variables, e.g. :envvar:`PYTHONPATH` and :envvar:`PYTHONHOME`, that might be set. + See also the :option:`-P` and :option:`-I` (isolated) options. + .. cmdoption:: -i @@ -271,7 +273,9 @@ Miscellaneous options .. cmdoption:: -I - Run Python in isolated mode. This also implies -E and -s. + Run Python in isolated mode. This also implies :option:`-E`, :option:`-P` + and :option:`-s` options. + In isolated mode :data:`sys.path` contains neither the script's directory nor the user's site-packages directory. All :envvar:`PYTHON*` environment variables are ignored, too. Further restrictions may be imposed to prevent @@ -301,6 +305,23 @@ Miscellaneous options Modify ``.pyc`` filenames according to :pep:`488`. +.. cmdoption:: -P + + Don't prepend a potentially unsafe path to :data:`sys.path`: + + * ``python -m module`` command line: Don't prepend the current working + directory. + * ``python script.py`` command line: Don't prepend the script's directory. + If it's a symbolic link, resolve symbolic links. + * ``python -c code`` and ``python`` (REPL) command lines: Don't prepend an + empty string, which means the current working directory. + + See also the :envvar:`PYTHONSAFEPATH` environment variable, and :option:`-E` + and :option:`-I` (isolated) options. + + .. versionadded:: 3.11 + + .. cmdoption:: -q Don't display the copyright and version messages even in interactive mode. @@ -583,6 +604,14 @@ conflict. within a Python program as the variable :data:`sys.path`. +.. envvar:: PYTHONSAFEPATH + + If this is set to a non-empty string, don't prepend a potentially unsafe + path to :data:`sys.path`: see the :option:`-P` option for details. + + .. versionadded:: 3.11 + + .. envvar:: PYTHONPLATLIBDIR If this is set to a non-empty string, it overrides the :data:`sys.platlibdir` |