[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: python.el: why remove '' from sys.path?
|
From: |
John Sullivan |
|
Subject: |
Re: python.el: why remove '' from sys.path? |
|
Date: |
Sun, 15 Mar 2009 17:09:04 -0400 |
|
User-agent: |
Gnus/5.110009 (No Gnus v0.9) Emacs/23.0.60 (gnu/linux) |
Eric Hanchrow <address@hidden> writes:
> On Fri, Mar 13, 2009 at 11:40 AM, Eric Hanchrow <address@hidden> wrote:
>> I just noticed that my inferior python refuses to load modules from
>> the current directory, and traced the cause to this commit:
>>
>> commit 52ebf5328eaae31b69a02de160c93f6168921fc2
>> Author: Romain Francoise <address@hidden>
>> Date: Sun Aug 24 19:47:07 2008 +0000
>>
>> (run-python): Remove '' from sys.path.
>>
>> Can you explain why you removed the current directory from sys.path?
>> I think it'd be more convenient to have it present.
>>
>
> Never mind; a few moment's searching gmane yielded the answer: security.
> http://article.gmane.org/gmane.emacs.devel/103569/
Why wouldn't the answer be to move '' to the end of sys.path, so that
overloading the emacs module with something malicious in the current
directory wouldn't be possible? Or how about checking the permissions of
the current directory before removing '' from the path? Or checking an
expected hash of the emacs and other imported-by-default modules?
Having the current working directory be in the python path is pretty
important to me and I think to other people as well. Moreover having the
emacs python shell behave too differently from the standard python shell
is a hassle.
--
John Sullivan
Emacs Planner Maintainer
http://wjsullivan.net/PlannerMode.html
GPG Key: AE8600B6