[omniORB-dev] Minor documentation patch
Duncan Grisby
duncan at grisby.org
Wed Mar 30 13:22:32 BST 2011
On Tue, 2011-03-29 at 21:18 +0100, Floris Bruynooghe wrote:
> One of Debian's QA analysis efforts was to spot insecure usage of
> PYTHONPATH, i.e. PYTHON=$PYTHONPATH:/some/path which could potentially
> put the current working directory on the PYTHONPATH. In OmniORBpy
> this occurs only in the documentation, however they still regard that
> as a security bug ;-).
I don't understand. Python _always_ searches the current working
directory before looking at PYTHONPATH, so I don't see how accidentally
including the empty path in PYTHONPATH changes anything.
Regardless, I don't want to change that documentation because it's
generic Unix documentation, and not all shells necessarily support the
syntax the change is using.
Duncan.
--
-- Duncan Grisby --
-- duncan at grisby.org --
-- http://www.grisby.org --
More information about the omniORB-dev
mailing list