From: John Sullivan <john@wjsullivan.net>
To: emacs-devel@gnu.org
Subject: Re: python.el: why remove '' from sys.path?
Date: Sun, 15 Mar 2009 17:09:04 -0400 [thread overview]
Message-ID: <87eiwy7atr.fsf@ashbery.wjsullivan.net> (raw)
In-Reply-To: 36366a980903131158m33544fa8u4083c036aca55720@mail.gmail.com
Eric Hanchrow <eric.hanchrow@gmail.com> writes:
> On Fri, Mar 13, 2009 at 11:40 AM, Eric Hanchrow <eric.hanchrow@gmail.com> wrote:
>> I just noticed that my inferior python refuses to load modules from
>> the current directory, and traced the cause to this commit:
>>
>> commit 52ebf5328eaae31b69a02de160c93f6168921fc2
>> Author: Romain Francoise <romain@orebokech.com>
>> Date: Sun Aug 24 19:47:07 2008 +0000
>>
>> (run-python): Remove '' from sys.path.
>>
>> Can you explain why you removed the current directory from sys.path?
>> I think it'd be more convenient to have it present.
>>
>
> Never mind; a few moment's searching gmane yielded the answer: security.
> http://article.gmane.org/gmane.emacs.devel/103569/
Why wouldn't the answer be to move '' to the end of sys.path, so that
overloading the emacs module with something malicious in the current
directory wouldn't be possible? Or how about checking the permissions of
the current directory before removing '' from the path? Or checking an
expected hash of the emacs and other imported-by-default modules?
Having the current working directory be in the python path is pretty
important to me and I think to other people as well. Moreover having the
emacs python shell behave too differently from the standard python shell
is a hassle.
--
John Sullivan
Emacs Planner Maintainer
http://wjsullivan.net/PlannerMode.html
GPG Key: AE8600B6
next prev parent reply other threads:[~2009-03-15 21:09 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-13 18:40 python.el: why remove '' from sys.path? Eric Hanchrow
2009-03-13 18:58 ` Eric Hanchrow
2009-03-15 21:09 ` John Sullivan [this message]
2009-03-16 1:07 ` Chong Yidong
2009-03-16 1:46 ` John Sullivan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87eiwy7atr.fsf@ashbery.wjsullivan.net \
--to=john@wjsullivan.net \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).