From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Stefan Monnier Newsgroups: gmane.emacs.bugs Subject: bug#7454: python.el sys.path improperly removes current working directory Date: Sun, 21 Nov 2010 15:09:36 -0500 Message-ID: References: <87y68mk6bg.fsf@stupidchicken.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: dough.gmane.org 1290370481 29563 80.91.229.12 (21 Nov 2010 20:14:41 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Sun, 21 Nov 2010 20:14:41 +0000 (UTC) Cc: 7454@debbugs.gnu.org, Brendan Miller To: Chong Yidong Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sun Nov 21 21:14:36 2010 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1PKGJ2-0005Tu-0G for geb-bug-gnu-emacs@m.gmane.org; Sun, 21 Nov 2010 21:14:36 +0100 Original-Received: from localhost ([127.0.0.1]:35119 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1PKGJ1-0005In-F2 for geb-bug-gnu-emacs@m.gmane.org; Sun, 21 Nov 2010 15:14:35 -0500 Original-Received: from [140.186.70.92] (port=38398 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1PKGIw-0005Ii-Sl for bug-gnu-emacs@gnu.org; Sun, 21 Nov 2010 15:14:32 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1PKGIw-0002XR-0H for bug-gnu-emacs@gnu.org; Sun, 21 Nov 2010 15:14:30 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:36640) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1PKGIv-0002XM-Tq for bug-gnu-emacs@gnu.org; Sun, 21 Nov 2010 15:14:29 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.69) (envelope-from ) id 1PKG9m-0004h6-0G; Sun, 21 Nov 2010 15:05:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Stefan Monnier Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 21 Nov 2010 20:05:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 7454 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 7454-submit@debbugs.gnu.org id=B7454.129036986618035 (code B ref 7454); Sun, 21 Nov 2010 20:05:01 +0000 Original-Received: (at 7454) by debbugs.gnu.org; 21 Nov 2010 20:04:26 +0000 Original-Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1PKG9B-0004gq-A1 for submit@debbugs.gnu.org; Sun, 21 Nov 2010 15:04:25 -0500 Original-Received: from ironport2-out.teksavvy.com ([206.248.154.183] helo=ironport2-out.pppoe.ca) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1PKG99-0004gl-KX for 7454@debbugs.gnu.org; Sun, 21 Nov 2010 15:04:24 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: An4HAGcL6UxMCqtq/2dsb2JhbAChW31yvDGFSwSEWoUTiFY X-IronPort-AV: E=Sophos;i="4.59,232,1288584000"; d="scan'208";a="83146485" Original-Received: from 76-10-171-106.dsl.teksavvy.com (HELO ceviche.home) ([76.10.171.106]) by ironport2-out.pppoe.ca with ESMTP/TLS/ADH-AES256-SHA; 21 Nov 2010 15:09:36 -0500 Original-Received: by ceviche.home (Postfix, from userid 20848) id 16733660F5; Sun, 21 Nov 2010 15:09:36 -0500 (EST) In-Reply-To: <87y68mk6bg.fsf@stupidchicken.com> (Chong Yidong's message of "Sun, 21 Nov 2010 11:08:35 -0500") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list Resent-Date: Sun, 21 Nov 2010 15:05:02 -0500 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:41804 Archived-At: >>> For unknown reasons, python.el's run-python removes the current >>> working directory from python's sys.path. >> The reasons are explained here >> http://lists.gnu.org/archive/html/emacs-devel/2008-09/msg00215.html > Dave Love's upstream version has fixed this in a different way, by > avoiding module loading from world-writable directories. I'll merge > this in. This makes the security hole smaller, but it's still present. E.g. you may download an evil Python package into your home, then visit the files in Emacs (e.g. to see if these files look safe for use) and use some of python.el's features that happens to cause Python to be started: gotcha! Stefan