bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#7454: python.el sys.path improperly removes current working director

From: Stefan Monnier
Subject: bug#7454: python.el sys.path improperly removes current working directory
Date: Sun, 21 Nov 2010 15:09:36 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux) 
>>> For unknown reasons, python.el's run-python removes the current
>>> working directory from python's sys.path.
>> The reasons are explained here
>> http://lists.gnu.org/archive/html/emacs-devel/2008-09/msg00215.html

> Dave Love's upstream version has fixed this in a different way, by
> avoiding module loading from world-writable directories.  I'll merge
> this in.

This makes the security hole smaller, but it's still present.  E.g. you
may download an evil Python package into your home, then visit the files
in Emacs (e.g. to see if these files look safe for use) and use some of
python.el's features that happens to cause Python to be started: gotcha!


        Stefan
reply via email to
[Prev in Thread] Current Thread [Next in Thread]