diff options
| -rw-r--r-- | Doc/library/security_warnings.rst | 6 | ||||
| -rw-r--r-- | Doc/whatsnew/3.11.rst | 6 |
2 files changed, 12 insertions, 0 deletions
diff --git a/Doc/library/security_warnings.rst b/Doc/library/security_warnings.rst index 26b015c..f985dc4 100644 --- a/Doc/library/security_warnings.rst +++ b/Doc/library/security_warnings.rst @@ -32,3 +32,9 @@ The following modules have specific security considerations: * :mod:`xml`: :ref:`XML vulnerabilities <xml-vulnerabilities>` * :mod:`zipfile`: :ref:`maliciously prepared .zip files can cause disk volume exhaustion <zipfile-resources-limitations>` + +The :option:`-I` command line option can be used to run Python in isolated +mode. When it cannot be used, the :option:`-P` option or the +:envvar:`PYTHONSAFEPATH` environment variable can be used to not prepend a +potentially unsafe path to :data:`sys.path` such as the current directory, the +script's directory or an empty string. diff --git a/Doc/whatsnew/3.11.rst b/Doc/whatsnew/3.11.rst index efcfa17..c84b36f 100644 --- a/Doc/whatsnew/3.11.rst +++ b/Doc/whatsnew/3.11.rst @@ -79,6 +79,12 @@ New typing features: * :pep:`673`: ``Self`` type. * :pep:`675`: Arbitrary literal string type. +Security improvements: + +* New :option:`-P` command line option and :envvar:`PYTHONSAFEPATH` environment + variable to not prepend a potentially unsafe path to :data:`sys.path` such as + the current directory, the script's directory or an empty string. + New Features ============ |