Hello, I don't think it has already been posted to the list, apologies if it has.
Some Linux tools and vendors have been hit by an alleged "security hole" where an embedded Python interpreter will prepend the current working directory to sys.path as soon as PySys_SetArgv() is called by the embedding application. This means, for example, that a Python file in the working directory can break plugins or extensions written for that application if the Python file happens to shadow another module. Regardless of whether this is a security hole or not, it certainly can make things disturbingly surprising when the situation arises.

In the bug report (http://bugs.python.org/issue5753), I suggested we add a new function PySys_SetArgvEx() which would take an additional parameter telling whether to touch sys.path or not (in the same spirit as Py_InitializeEx() providing a more flexible API than Py_Initialize()).

On the other hand, I don't think we can change the default behaviour of PySys_SetArgv(), since there are probably tools and applications relying on it (the obvious use case which comes to my mind is a third-party interactive interpreter).

Any opinions?

Regards

Antoine.
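The shadowing effect described in the message, as an added example that is not part of the original post: it models the prepended working directory by putting a scratch directory first in a search path and resolving a module name both ways without importing anything. The helper names (`resolve`, `shadowed_modules`, `demo`) and the constructed files `colorsys.py` and `local_notes.py` are assumptions for illustration; the second helper is a check for which files in a directory would hide modules the application otherwise finds.

```python
import os
import sys
import tempfile
from importlib.machinery import PathFinder


def resolve(name, search_path):
    """File that `import name` would load from search_path (nothing is imported)."""
    spec = PathFinder.find_spec(name, search_path)
    return spec.origin if spec else None


def shadowed_modules(workdir, base_path):
    """(name, local file, hidden file) for each module in workdir that hides one on base_path."""
    hits = []
    for entry in sorted(os.listdir(workdir)):
        full = os.path.join(workdir, entry)
        if entry.endswith(".py"):
            name = entry[:-3]
        elif os.path.isfile(os.path.join(full, "__init__.py")):
            name = entry
        else:
            continue
        hidden = resolve(name, base_path)
        if hidden is not None:
            hits.append((name, resolve(name, [workdir]), hidden))
    return hits


def demo():
    # Search path as it would be with no working-directory entry.
    base = [p for p in sys.path if p and os.path.abspath(p) != os.getcwd()]
    with tempfile.TemporaryDirectory() as workdir:
        # Constructed sample files: one collides with the stdlib, one does not.
        for fname in ("colorsys.py", "local_notes.py"):
            with open(os.path.join(workdir, fname), "w") as fh:
                fh.write("# constructed placeholder\n")
        untouched = resolve("colorsys", base)
        prepended = resolve("colorsys", [workdir] + base)
        hits = shadowed_modules(workdir, base)
    return workdir, untouched, prepended, hits


if __name__ == "__main__":
    workdir, untouched, prepended, hits = demo()
    print("sys.path left alone :", untouched)
    print("directory prepended :", prepended)
    for name, local, hidden in hits:
        print(f"{local} hides {hidden}")
```
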