[Python-checkins] bpo-35755: Remove current directory from posixpath.defpath (GH-11586)
Victor Stinner
webhook-mailer at python.org
Wed Apr 17 11:05:44 EDT 2019
https://github.com/python/cpython/commit/2c4c02f8a876fcf084575dcaf857a0236c81261a
commit: 2c4c02f8a876fcf084575dcaf857a0236c81261a
branch: master
author: Victor Stinner <vstinner at redhat.com>
committer: GitHub <noreply at github.com>
date: 2019-04-17T17:05:30+02:00
summary:
bpo-35755: Remove current directory from posixpath.defpath (GH-11586)
Document the change in a NEWS entry of the Security category.
files:
A Misc/NEWS.d/next/Security/2019-01-17-10-03-48.bpo-35755.GmllIs.rst
M Lib/posixpath.py
diff --git a/Lib/posixpath.py b/Lib/posixpath.py
index 21ce72fd79cd..ecb4e5a8f707 100644
--- a/Lib/posixpath.py
+++ b/Lib/posixpath.py
@@ -18,7 +18,7 @@
extsep = '.'
sep = '/'
pathsep = ':'
-defpath = ':/bin:/usr/bin'
+defpath = '/bin:/usr/bin'
altsep = None
devnull = '/dev/null'
diff --git a/Misc/NEWS.d/next/Security/2019-01-17-10-03-48.bpo-35755.GmllIs.rst b/Misc/NEWS.d/next/Security/2019-01-17-10-03-48.bpo-35755.GmllIs.rst
new file mode 100644
index 000000000000..959aafd73449
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2019-01-17-10-03-48.bpo-35755.GmllIs.rst
@@ -0,0 +1,5 @@
+:func:`shutil.which` now uses ``os.confstr("CS_PATH")`` if available and if the
+:envvar:`PATH` environment variable is not set. Remove also the current
+directory from :data:`posixpath.defpath`. On Unix, :func:`shutil.which` and the
+:mod:`subprocess` module no longer search the executable in the current
+directory if the :envvar:`PATH` environment variable is not set.
More information about the Python-checkins
mailing list