473,402 Members | 2,061 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > python > questions > pep 304, and alternative

Join Bytes to post your question to a community of 473,402 software developers and data experts.

PEP 304, and alternative

Evening all,

haven't seen much discussion on PEP 304 recently, what's its current
status?

As I'm currently writing something that also allows configuration of where
bytecode files go, I finally got around to reading the PEP, and I'm really
not convinced I like the approach it takes. It's so broad-brush;
PYTHONBYTECODEBASE can only really be set per-user, and is likely to cause
the same problems PYTHONPATH did (before site-packages and .pth files made
all that easier).

The problems with user rights also look really horrid. Say bytecodebase is
/tmp/python/. All users must have write access to /tmp/python/home, so they
can store PYCs for PYs in their home directory; however if user A hasn't yet
run a PY from his home directory, user B can create /tmp/python/home/A and
put a booby-trapped PYC in, that could be run when user A executes a script
of the same name from /home/A. The only way I can see of getting around
problems like this in 304 is to create a complete skeleton of the existing
filesystem, owned by the same users as in the main filesystem, and keep it
updated. Which is impractical.

I'd instead like to do it by having a writable mapping in sys somewhere
which can hold a number of directory remappings. This could then be written
to on a site-level basis by sitecustomize.py and/or a user or module-level
basis by user code. eg.

sys.bytecodebases= {
'/home/and/pylib/': '/home/and/pybin/',
'/www/htdocs/cgi-bin/': '/www/cgi-cache/'
}

and so on. Filenames of .py files could be compared by string.startswith to
see if they match each rule. If they match more than one, the rule with the
longest key is used. If a match is made, its key is replaced by the value,
and 'c' or 'o' added to the filename. An attempt is made to makedirs the
parent directory if it doesn't exist.

IMO such a mapping, if it occurs, should replace rather than augment the
original directory as in 304. The need to look in the same directory
regardless of bytecodebase seems to come from the need to keep the process
of finding standard library modules unchanged; a selective remapping like
this would avoid the problem by not touching the standard modules (unless
you really want it to).

Also it avoids the problem of what to do on multi-root filesystems like that
of Windows, as only string matching is required.

(O)bjections, (T)houghts, (A)buse?

--
Andrew Clover
mailto:an*@doxdesk.com
http://www.doxdesk.com/
Jul 18 '05 #1
1 1695

Andrew> haven't seen much discussion on PEP 304 recently, what's its
Andrew> current status?

Same as before.

Andrew> It's so broad-brush; PYTHONBYTECODEBASE can only really be set
Andrew> per-user, and is likely to cause the same problems PYTHONPATH
Andrew> did (before site-packages and .pth files made all that easier).

Why is this a problem? It gives the user control over where .pyc files will
be written. My initial intent was that if users set it at all, it would be
set something like

PYTHONBYTECODEBASE=$HOME/tmp/python

or

PYTHONBYTECODEBASE=/tmp/skip/python

Andrew> The problems with user rights also look really horrid. Say
Andrew> bytecodebase is /tmp/python/. All users must have write access
Andrew> to /tmp/python/home, so they can store PYCs for PYs in their
Andrew> home directory; however if user A hasn't yet run a PY from his
Andrew> home directory, user B can create /tmp/python/home/A and put a
Andrew> booby-trapped PYC in, that could be run when user A executes a
Andrew> script of the same name from /home/A.

This is (minimally) addressed in the Issues section:

What if PYTHONBYTECODEBASE refers to a general directory (say, /tmp)?
In this case, perhaps loading of a preexisting bytecode file should
occur only if the file is owned by the current user or root.

By "general directory" I mean writable by more than just root.

Andrew> I'd instead like to do it by having a writable mapping in sys
Andrew> somewhere which can hold a number of directory remappings. This
Andrew> could then be written to on a site-level basis by
Andrew> sitecustomize.py and/or a user or module-level basis by user
Andrew> code. eg.

Andrew> sys.bytecodebases= {
Andrew> '/home/and/pylib/': '/home/and/pybin/',
Andrew> '/www/htdocs/cgi-bin/': '/www/cgi-cache/'
Andrew> }

Andrew> and so on.

How is this better? How does it address the security problem you raised
above?

Andrew> Also it avoids the problem of what to do on multi-root
Andrew> filesystems like that of Windows, as only string matching is
Andrew> required.

Windows' multi-root filesystem is a known problem. I've not yet been able
to solve it, though I must admit I haven't worked on it in awhile either.

Skip
Jul 18 '05 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

99
Alternative decorator syntax decision
by: Paul McGuire | last post by:
There are a number of messages on the python-dev mail list that indicate that Guido is looking for some concensus to come from this list as to what *one* alternative syntax for decorators we would...
Python
10
Alternative decorator syntax decision
by: Nicolas Fleury | last post by:
Hi all, The part of the Python community that doesn't like @decorators needs to unite behind an alternative syntax to propose to Guido. I suggest we use this thread to try to do it. If you...
Python
28
Alternative decorator syntax - POLL RESULTS SO FAR - ARE WE DONE?
by: Paul McGuire | last post by:
Well, after 3 days of open polling, the number of additional votes have dropped off pretty dramatically. Here are the results so far: Total voters: 55 (with 3 votes each) Votes for each choice...
Python
1
alternative for outerHTML property which is supported by Mozilla firefox browser
by: prasaddevivara | last post by:
I am using the outerHTML property to modify the HTML of existin elements in a web page in Internet Explorer. But same outerHTM property is not working in firefox browser, Anybody can tell me a...
Javascript
0
Multipart alternative emails with attachment
by: sachintandon | last post by:
Hello all, Thanks in advance for your help I have a problem in sending emails, my requirement is to send multipart alternative emails with attachments, I'm able to send text with attachments or...
Perl
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!