[issue35755] Remove current directory from posixpath.defpath to enhance security
Jakub Wilk
report at bugs.python.org
Tue Apr 16 12:59:00 EDT 2019
Jakub Wilk <jwilk at jwilk.net> added the comment:
which(1) is not standardized, and there are many[*] implementations with different behavior in corner cases. For example, this happens with zsh 5.7.1 on Debian:
% which python
/usr/bin/python
% PATH= which python
python
% PATH=. which python
./python
% PATH=: which python
python
[*] I'm aware of GNU which, which from debianutils, and zsh builtin. In addition to this, AFAICS every major BSD distro has a different implementation…
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue35755>
_______________________________________
More information about the Python-bugs-list
mailing list