Senior Software Engineer, responsible for integrations and author of the "phylum" Python package. Documentation and quality champion, runner, baseball and scout dad, pod-faster, and lover of outdoors.
Arbitrary code execution is possible through the build hooks that modern Python package installers invoke when building PEP 518 pyproject.toml projects: the build backend named in pyproject.toml is ordinary Python code that the installer imports and calls, so whatever that code does runs on the installing machine.
Build requirements declared in a Python source distribution likewise let an attacker run arbitrary code inside the installer's isolated build environment, which is created for the build and deleted automatically once it finishes. That isolation only separates build dependencies from the target environment; it is not a sandbox. The code still runs with the installing user's privileges and full access to the filesystem and network, so deleting the build environment removes the traces of the build, not its effects.