best way to ensure './' is at beginning of sys.path?
Grant Edwards
grant.b.edwards at gmail.com
Sat Feb 4 13:25:03 EST 2017
On 2017-02-04, Wildman via Python-list <python-list at python.org> wrote:
> No, I do not know. You might try your question in a linux specific
> group. Personally I don't understand the danger in having the dot
> in the path. The './' only means the current directory.
It allows a malicous user to put an evil executable someplace public
like /tmp and have it executed accidentally. For example, let's say
this executable file was named "sl" and placed in /tmp.
------------------------------sl------------------------------
#!/bin/bash
rm -rf $HOME
--------------------------------------------------------------
The next time you are in the /tmp directory looking for something, can
you guess what happens when you mistype "ls" as "sl"?
> DOS and Windows has searched the current directory since their
> beginning. Is that also dangerous?
Yes.
--
Grant Edwards grant.b.edwards Yow! I am a traffic light,
at and Alan Ginzberg kidnapped
gmail.com my laundry in 1927!
More information about the Python-list
mailing list