From: John Sullivan
Newsgroups: gmane.emacs.devel
Subject: Re: python.el: why remove '' from sys.path?
Date: Sun, 15 Mar 2009 17:09:04 -0400
Message-ID: <87eiwy7atr.fsf@ashbery.wjsullivan.net>
To: emacs-devel@gnu.org

Eric Hanchrow writes:

> On Fri, Mar 13, 2009 at 11:40 AM, Eric Hanchrow wrote:
>> I just noticed that my inferior python refuses to load modules from
>> the current directory, and traced the cause to this commit:
>>
>> commit 52ebf5328eaae31b69a02de160c93f6168921fc2
>> Author: Romain Francoise
>> Date:   Sun Aug 24 19:47:07 2008 +0000
>>
>>    (run-python): Remove '' from sys.path.
>>
>> Can you explain why you removed the current directory from sys.path?
>> I think it'd be more convenient to have it present.
>>
>
> Never mind; a few moments' searching gmane yielded the answer: security.
> http://article.gmane.org/gmane.emacs.devel/103569/

Why wouldn't the answer be to move '' to the end of sys.path, so that
overloading the emacs module with something malicious in the current
directory wouldn't be possible? Or how about checking the permissions of
the current directory before removing '' from the path? Or checking an
expected hash of the emacs and other imported-by-default modules?

Having the current working directory be in the python path is pretty
important to me and I think to other people as well. Moreover having the
emacs python shell behave too differently from the standard python shell
is a hassle.

-- 
John Sullivan
Emacs Planner Maintainer
http://wjsullivan.net/PlannerMode.html
GPG Key: AE8600B6
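
The first two suggestions in this message (move '' to the end of sys.path, and check the current directory's permissions first), sketched as an added example that is not part of the original message or of python.el. It assumes POSIX; the function names, the temporary `lib`/`work` directories and `notes.py` are constructed for illustration, and `emacs.py` stands in for the helper module the thread refers to.

```python
import importlib
import os
import shutil
import stat
import tempfile
from importlib.machinery import PathFinder


def cwd_is_trustworthy(directory="."):
    """True if the directory is owned by us (or root) and not group/world-writable."""
    st = os.stat(directory)
    owned = st.st_uid in (0, os.geteuid())
    return owned and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)


def adjusted_path(path, directory="."):
    """Drop '' from its position; re-append it last only for a trusted directory."""
    rest = [p for p in path if p != ""]
    return rest + [""] if cwd_is_trustworthy(directory) else rest


def resolve(name, path):
    """Return the file the import system would load for `name`, or None."""
    importlib.invalidate_caches()
    spec = PathFinder.find_spec(name, path)
    return spec.origin if spec else None


def demo():
    """Constructed layout: lib/emacs.py is the helper module, work/ is the cwd."""
    lib, work = (os.path.realpath(tempfile.mkdtemp()) for _ in range(2))
    for f in (lib + "/emacs.py", work + "/emacs.py", work + "/notes.py"):
        open(f, "w").close()
    old = os.getcwd()
    os.chdir(work)
    try:
        default = ["", lib]              # '' first, as in a stock python shell
        moved = adjusted_path(default)   # work/ is mode 0700 here, so '' goes last
        out = {
            "default_shadowed": resolve("emacs", default) == work + "/emacs.py",
            "moved_uses_lib": resolve("emacs", moved) == lib + "/emacs.py",
            "cwd_still_importable": resolve("notes", moved) == work + "/notes.py",
        }
        os.chmod(work, 0o777)            # world-writable: '' is dropped entirely
        out["untrusted_dropped"] = adjusted_path(default) == [lib]
        return out
    finally:
        os.chdir(old)
        for d in (lib, work):
            shutil.rmtree(d)
```

With '' last, a name that exists earlier on the path resolves there, while a name found nowhere else (`notes` above) still loads from the current directory.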