all messages for Emacs-related lists mirrored at yhetil.org
* [PATCH] python.el(run-python): Explain why we remove the current directory from sys.path
From: eric.hanchrow @ 2009-03-13 19:01 UTC
  To: emacs-devel; +Cc: Eric Hanchrow

From: Eric Hanchrow <erich@cozi.com>

---
 lisp/progmodes/python.el |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/lisp/progmodes/python.el b/lisp/progmodes/python.el
index 7221d8e..81d073a 100644
--- a/lisp/progmodes/python.el
+++ b/lisp/progmodes/python.el
@@ -1552,7 +1552,11 @@ buffer for a list of commands.)"
     (with-current-buffer
 	(let* ((cmdlist
 		(append (python-args-to-list cmd)
-			'("-i" "-c" "import sys; sys.path.remove('')")))
+			;; Removing the current directory from
+			;; sys.path prevents an attacker from tricking
+			;; us into running malicious code.  See
+			;; http://article.gmane.org/gmane.emacs.devel/103569
+                        '("-i" "-c" "import sys; sys.path.remove('')")))
 	       (path (getenv "PYTHONPATH"))
 	       (process-environment	; to import emacs.py
 		(cons (concat "PYTHONPATH="
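Review bot: the new comment above the `'("-i" "-c" ...` line leaves the explanation of the attack to the gmane link, so the rationale is lost if that URL stops resolving. State the mechanism in the comment itself: with `-c`, Python puts '' (the current directory) first in sys.path, so a file in the directory where run-python is started can shadow a module that is later imported. Separately, the `'("-i" "-c" "import sys; sys.path.remove('')")` line is removed and re-added only because its indentation changed from tabs to spaces; keep the original tab indentation so the hunk is a comment-only change.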
-- 
1.6.2





