[New-bugs-announce] [issue39656] shebanged scripts can escape from `venv` depending on how it was created
Anthony Sottile
report at bugs.python.org
Sun Feb 16 14:21:51 EST 2020
New submission from Anthony Sottile <asottile at umich.edu>:
This is distilled from a larger example to be small/silly, however this caused real problems
A script which was intended for python3.6 exactly was written as follows:
```
#!/usr/bin/env python3.6
...
```
when creating a virtualenv with `python3.6 -m venv venv36` you end up with `python` / `python3` / `python3.6` executables in the venv
however, when creating a virtualenv with `python3 -m venv venv36` you only end up with `python` / `python3` executables
___
using `-mvirtualenv` (pypa/virtualenv) instead of venv, all three are reliably created
___
the fix is fairly straightforward, adding `f'python3.{sys.version_info[0]}'` to this tuple: https://github.com/python/cpython/blob/c33bdbb20cf55b3a2aa7a91bd3d91fcb59796fad/Lib/venv/__init__.py#L246
----------
components: Library (Lib)
messages: 362095
nosy: Anthony Sottile
priority: normal
severity: normal
status: open
title: shebanged scripts can escape from `venv` depending on how it was created
versions: Python 3.9
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue39656>
_______________________________________
More information about the New-bugs-announce
mailing list