diff --git a/Doc/library/security_warnings.rst b/Doc/library/security_warnings.rst index 70c359cc1c0fc34..8791705dec9fafa 100644 --- a/Doc/library/security_warnings.rst +++ b/Doc/library/security_warnings.rst @@ -32,8 +32,3 @@ The following modules have specific security considerations: * :mod:`zipfile`: :ref:`maliciously prepared .zip files can cause disk volume exhaustion ` -The :option:`-I` command line option can be used to run Python in isolated -mode. When it cannot be used, the :option:`-P` option or the -:envvar:`PYTHONSAFEPATH` environment variable can be used to not prepend a -potentially unsafe path to :data:`sys.path` such as the current directory, the -script's directory or an empty string. diff --git a/Doc/using/cmdline.rst b/Doc/using/cmdline.rst index 677fbbae3f4219a..f7bba3e30929e88 100644 --- a/Doc/using/cmdline.rst +++ b/Doc/using/cmdline.rst @@ -294,8 +294,11 @@ Miscellaneous options .. option:: -E - Ignore all ``PYTHON*`` environment variables, e.g. + Ignore all ``PYTHON*`` environment variables, for example, :envvar:`PYTHONPATH` and :envvar:`PYTHONHOME`, that might be set. + This is useful for running commands that should not take into account the + user's current environment settings, but does not necessarily mean that the + current environment will have no effect. See also the :option:`-P` and :option:`-I` (isolated) options. @@ -324,8 +327,9 @@ Miscellaneous options In isolated mode :data:`sys.path` contains neither the script's directory nor the user's site-packages directory. All ``PYTHON*`` environment - variables are ignored, too. Further restrictions may be imposed to prevent - the user from injecting malicious code. + variables are ignored, too. This feature is not a security boundary. + Further restrictions need to be imposed to prevent the user from injecting + malicious code. .. versionadded:: 3.4 @@ -362,6 +366,8 @@ Miscellaneous options * ``python -c code`` and ``python`` (REPL) command lines: Don't prepend an empty string, which means the current working directory. + This feature is not a security boundary. Further restrictions need to be + imposed to prevent the user from injecting malicious code. See also the :envvar:`PYTHONSAFEPATH` environment variable, and :option:`-E` and :option:`-I` (isolated) options.