[Emacs-diffs] /srv/bzr/emacs/trunk r102418: * lisp/progmodes/python.el (run-python): Explain why we remove the current

[Stefan Monnier]

------------------------------------------------------------
revno: 102418
committer: Stefan Monnier <address@hidden>
branch nick: trunk
timestamp: Wed 2010-11-17 10:00:16 -0500
message:
  * lisp/progmodes/python.el (run-python): Explain why we remove the current
  directory from sys.path.  Suggested by Eric Hanchrow <address@hidden>.
modified:
  lisp/ChangeLog
  lisp/progmodes/python.el

=== modified file 'lisp/ChangeLog'
--- a/lisp/ChangeLog    2010-11-17 14:54:15 +0000
+++ b/lisp/ChangeLog    2010-11-17 15:00:16 +0000
@@ -1,5 +1,8 @@
 2010-11-17  Stefan Monnier  <address@hidden>
 
+       * progmodes/python.el (run-python): Explain why we remove the current
+       directory from sys.path.  Suggested by Eric Hanchrow <address@hidden>.
+
        * progmodes/grep.el (grep-regexp-alist): Tighten the regexp (bug#7378).
 
 2010-11-16  Stefan Monnier  <address@hidden>

=== modified file 'lisp/progmodes/python.el'
--- a/lisp/progmodes/python.el  2010-11-09 20:07:10 +0000
+++ b/lisp/progmodes/python.el  2010-11-17 15:00:16 +0000
@@ -1586,6 +1586,11 @@
     (with-current-buffer
        (let* ((cmdlist
                (append (python-args-to-list cmd)
+                        ;; It's easy for the user to cause the process to be
+                       ;; started without realizing it (e.g. to perform
+                       ;; completion); for this reason loading files from the
+                       ;; current directory is a security risk.  See
+                       ;; http://article.gmane.org/gmane.emacs.devel/103569
                        '("-i" "-c" "import sys; sys.path.remove('')")))
               (path (getenv "PYTHONPATH"))
               (process-environment     ; to import emacs.py