[PATCH] python.el(run-python): Explain why we remove the current directo

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] python.el(run-python): Explain why we remove the current directo

From:	eric . hanchrow
Subject:	[PATCH] python.el(run-python): Explain why we remove the current directory from sys.path
Date:	Fri, 13 Mar 2009 12:01:25 -0700

From: Eric Hanchrow <address@hidden>

---
 lisp/progmodes/python.el |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/lisp/progmodes/python.el b/lisp/progmodes/python.el
index 7221d8e..81d073a 100644
--- a/lisp/progmodes/python.el
+++ b/lisp/progmodes/python.el
@@ -1552,7 +1552,11 @@ buffer for a list of commands.)"
     (with-current-buffer
        (let* ((cmdlist
                (append (python-args-to-list cmd)
-                       '("-i" "-c" "import sys; sys.path.remove('')")))
+                       ;; Removing the current directory from
+                       ;; sys.path prevents an attacker from tricking
+                       ;; us into running malicious code.  See
+                       ;; http://article.gmane.org/gmane.emacs.devel/103569
+                        '("-i" "-c" "import sys; sys.path.remove('')")))
               (path (getenv "PYTHONPATH"))
               (process-environment     ; to import emacs.py
                (cons (concat "PYTHONPATH="
-- 
1.6.2

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] python.el(run-python): Explain why we remove the current directory from sys.path, eric . hanchrow <=

Prev by Date: Re: python.el: why remove '' from sys.path?
Next by Date: Re: Accepting and returning multiple values in 'cl
Previous by thread: python.el: why remove '' from sys.path?
Next by thread: changing multiple-value calls in emacs code.
Index(es):
- Date
- Thread