Issue #16400: Add command line option for isolated mode.
-I
Run Python in isolated mode. This also implies -E and -s. In isolated mode
sys.path contains neither the script’s directory nor the user’s
site-packages directory. All PYTHON* environment variables are ignored,
too. Further restrictions may be imposed to prevent the user from
injecting malicious code.
diff --git a/Python/pythonrun.c b/Python/pythonrun.c
index 86c3206..b0bc549 100644
--- a/Python/pythonrun.c
+++ b/Python/pythonrun.c
@@ -112,6 +112,7 @@
int Py_NoUserSiteDirectory = 0; /* for -s and site.py */
int Py_UnbufferedStdioFlag = 0; /* Unbuffered binary std{in,out,err} */
int Py_HashRandomizationFlag = 0; /* for -R and PYTHONHASHSEED */
+int Py_IsolatedFlag = 0; /* for -I, isolate from user's env */
PyThreadState *_Py_Finalizing = NULL;
diff --git a/Python/sysmodule.c b/Python/sysmodule.c
index 754bcfe..72004f8a 100644
--- a/Python/sysmodule.c
+++ b/Python/sysmodule.c
@@ -1369,6 +1369,7 @@
{"bytes_warning", "-b"},
{"quiet", "-q"},
{"hash_randomization", "-R"},
+ {"isolated", "-I"},
{0}
};
@@ -1376,7 +1377,7 @@
"sys.flags", /* name */
flags__doc__, /* doc */
flags_fields, /* fields */
- 12
+ 13
};
static PyObject*
@@ -1406,6 +1407,7 @@
SetFlag(Py_BytesWarningFlag);
SetFlag(Py_QuietFlag);
SetFlag(Py_HashRandomizationFlag);
+ SetFlag(Py_IsolatedFlag);
#undef SetFlag
if (PyErr_Occurred()) {
@@ -1944,7 +1946,7 @@
void
PySys_SetArgv(int argc, wchar_t **argv)
{
- PySys_SetArgvEx(argc, argv, 1);
+ PySys_SetArgvEx(argc, argv, Py_IsolatedFlag == 0);
}
/* Reimplementation of PyFile_WriteString() no calling indirectly