[issue16202] sys.path[0] security issues
Nick Coghlan
report at bugs.python.org
Mon Oct 15 17:38:06 CEST 2012
Nick Coghlan added the comment:
It's actually the same as #946373 - it's not about adding the current directory to sys.path, it's adding the directory of a script that's in a world-writable directory (such as /tmp).
The difference is that the proposed solution this time recognises that simply not adding that directory would break the world, so it aims for a more nuanced approach (plus distutils itself writing a script to /tmp and then running it is just plain wrong).
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue16202>
_______________________________________
More information about the Python-bugs-list
mailing list