Steve Dower <steve.do...@python.org> added the comment:
Yeah, once tests are excluded and the (deprecated or nearly deprecated) distutils and msilib are dropped, the problems are pydoc (which looks non-exploitable) and anywhere we need to generate a named pipe.

Both cases where named pipes are being created are as safe as the OS allows, so it's really just pydoc that might deserve a fix. (For reference, it's in the variation of help() that writes the docstring to a file and triggers the equivalent of "type <file> | more" or "cat <file> | less", which is already only useful in an interactive shell.)

So I'd suggest it's already as low as possible, but if someone wants to fix pydoc (and encourage the SC to approve PEP 594 and PEP 632 so we don't have to worry about msilib or distutils) then they can feel free.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue42278>
_______________________________________