python.el: why remove '' from sys.path?

python.el: why remove '' from sys.path?

[Eric Hanchrow]

I just noticed that my inferior python refuses to load modules from
the current directory, and traced the cause to this commit:

commit 52ebf5328eaae31b69a02de160c93f6168921fc2
Author: Romain Francoise <romain@orebokech.com>
Date:   Sun Aug 24 19:47:07 2008 +0000

    (run-python): Remove '' from sys.path.

Can you explain why you removed the current directory from sys.path?
I think it'd be more convenient to have it present.

Re: python.el: why remove '' from sys.path?

[Eric Hanchrow]

On Fri, Mar 13, 2009 at 11:40 AM, Eric Hanchrow <eric.hanchrow@gmail.com> wrote:
> I just noticed that my inferior python refuses to load modules from
> the current directory, and traced the cause to this commit:
>
> commit 52ebf5328eaae31b69a02de160c93f6168921fc2
> Author: Romain Francoise <romain@orebokech.com>
> Date:   Sun Aug 24 19:47:07 2008 +0000
>
>    (run-python): Remove '' from sys.path.
>
> Can you explain why you removed the current directory from sys.path?
> I think it'd be more convenient to have it present.
>

Never mind; a few moment's searching gmane yielded the answer: security.
http://article.gmane.org/gmane.emacs.devel/103569/

Re: python.el: why remove '' from sys.path?

[John Sullivan]

Eric Hanchrow <eric.hanchrow@gmail.com> writes:

> On Fri, Mar 13, 2009 at 11:40 AM, Eric Hanchrow <eric.hanchrow@gmail.com> wrote:
>> I just noticed that my inferior python refuses to load modules from
>> the current directory, and traced the cause to this commit:
>>
>> commit 52ebf5328eaae31b69a02de160c93f6168921fc2
>> Author: Romain Francoise <romain@orebokech.com>
>> Date:   Sun Aug 24 19:47:07 2008 +0000
>>
>>    (run-python): Remove '' from sys.path.
>>
>> Can you explain why you removed the current directory from sys.path?
>> I think it'd be more convenient to have it present.
>>
>
> Never mind; a few moment's searching gmane yielded the answer: security.
> http://article.gmane.org/gmane.emacs.devel/103569/

Why wouldn't the answer be to move '' to the end of sys.path, so that
overloading the emacs module with something malicious in the current
directory wouldn't be possible? Or how about checking the permissions of
the current directory before removing '' from the path? Or checking an
expected hash of the emacs and other imported-by-default modules?

Having the current working directory be in the python path is pretty
important to me and I think to other people as well. Moreover having the
emacs python shell behave too differently from the standard python shell
is a hassle.

-- 
John Sullivan
Emacs Planner Maintainer
http://wjsullivan.net/PlannerMode.html
GPG Key: AE8600B6

Re: python.el: why remove '' from sys.path?

[Chong Yidong]

John Sullivan <john@wjsullivan.net> writes:

> Why wouldn't the answer be to move '' to the end of sys.path, so that
> overloading the emacs module with something malicious in the current
> directory wouldn't be possible? Or how about checking the permissions of
> the current directory before removing '' from the path? Or checking an
> expected hash of the emacs and other imported-by-default modules?
>
> Having the current working directory be in the python path is pretty
> important to me and I think to other people as well. Moreover having the
> emacs python shell behave too differently from the standard python shell
> is a hassle.

I'm open to revisiting this.  IIRC, the issue with checking permissions
before removing '' from sys.path is that we weren't sure this would DTRT
on platforms like Windows.  As for moving '' to the end of sys.path,
that would itself be an incompatibility.

One thing to keep in mind here is that it may not be obvious to the user
that she is executing python code---if I understand correctly, the
python shell can be launched automatically when eldoc mode is on.

Re: python.el: why remove '' from sys.path?

[John Sullivan]

Chong Yidong <cyd@stupidchicken.com> writes:

> John Sullivan <john@wjsullivan.net> writes:
>
>> Why wouldn't the answer be to move '' to the end of sys.path, so that
>> overloading the emacs module with something malicious in the current
>> directory wouldn't be possible? Or how about checking the permissions of
>> the current directory before removing '' from the path? Or checking an
>> expected hash of the emacs and other imported-by-default modules?
>>
>> Having the current working directory be in the python path is pretty
>> important to me and I think to other people as well. Moreover having the
>> emacs python shell behave too differently from the standard python shell
>> is a hassle.
>
> I'm open to revisiting this.  IIRC, the issue with checking permissions
> before removing '' from sys.path is that we weren't sure this would DTRT
> on platforms like Windows.  As for moving '' to the end of sys.path,
> that would itself be an incompatibility.
>

Moving it to the end would also be an incompatibility, that's true, but
a much less severe one. I could still import modules I'm hacking on
which are in the current directory without having to modify sys.path,
and I'd say that is the most common use case. 

I'm not sure about the Windows permissions issues -- I don't have any
ability to help test that.

> One thing to keep in mind here is that it may not be obvious to the user
> that she is executing python code---if I understand correctly, the
> python shell can be launched automatically when eldoc mode is on.
>

Right, and that makes sense to me as a legit reason why this is a
security issue in this case but not in the case of a standard python
shell.

-- 
John Sullivan
Emacs Planner Maintainer
http://wjsullivan.net/PlannerMode.html
GPG Key: AE8600B6