New submission from STINNER Victor <[EMAIL PROTECTED]>: Python3 skips environment variables which can not be parsed and decoded as unicode strings. But exec*() functions keep the original environment and so the child process environment is different than the Python environement (than os.environ).
I propose to remove these variables to avoid strange behaviours, but also to avoid possible security issues. The attached patch is an implementation of this idea using a custom implementation of unsetenv(): _Py_unsetenv() argument is not the name of the variable but the raw variable including the value (eg. "a=b"). So it's also possible to drop truncated variables like "a" (no value nor "=" character). This issue also affects Python2 since Python2 does also skip variable with no value but the variables still exist in memory (and so child process get them). ---------- components: Interpreter Core files: unsetenv.patch keywords: patch messages: 74784 nosy: haypo severity: normal status: open title: remove not decodable environment variables type: security versions: Python 3.0 Added file: http://bugs.python.org/file11799/unsetenv.patch _______________________________________ Python tracker <[EMAIL PROTECTED]> <http://bugs.python.org/issue4126> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
