FYI: On Leopard, "sudo" filters environment variables, including PYTHONPATH. I have not tested this with MacPorts yet; I've been running MacPorts as a "normal" user without sudo. Will this matter for MacPorts?
Running "sudo -V" as root shows sudo's settings; part of that is environment variables that it will not pass on or that it will check for dangerous content.
On Nov 2, 2007, at 2:59 PM, Boyd Waters wrote:
One work-around is to add this line to /etc/sudoers:
Defaults env_keep += "PYTHONPATH"
But that would involve editing a file in /etc as root. Straightforward enough, but likely to get overwritten and what if the user screws this up?
So Plan B -
what if you added something in a .pth file in /Library/Python/2.5/ site-packages that re-orders the sys.path?
Wouldn't that always work?
On Nov 2, 2007, at 2:49 PM, Boyd Waters wrote:
On Nov 2, 2007, at 10:16 AM, Brian Granger wrote:
First, if you have set PYTHONPATH to point sys.path at the site-packages in /Library, this setting will be lost when you do:
sudo python setup.py install
Ouch, another good one...
This is almost certainly not a bug, but rather a security feature.
The administrator can add a line to the sudoers file:
Defaults env_reset
that will reset the environment to only contain the variables HOME, LOGNAME, PATH, SHELL, TERM, and USER, preventing this attack.
participants (1)
-
Boyd Waters