[omniORB-dev] Minor documentation patch
Floris Bruynooghe
flub at devork.be
Wed Mar 30 16:11:51 BST 2011
On 30 March 2011 12:22, Duncan Grisby <duncan at grisby.org> wrote:
> On Tue, 2011-03-29 at 21:18 +0100, Floris Bruynooghe wrote:
>
>> One of Debian's QA analysis efforts was to spot insecure usage of
>> PYTHONPATH, i.e. PYTHON=$PYTHONPATH:/some/path which could potentially
>> put the current working directory on the PYTHONPATH. In OmniORBpy
>> this occurs only in the documentation, however they still regard that
>> as a security bug ;-).
>
> I don't understand. Python _always_ searches the current working
> directory before looking at PYTHONPATH, so I don't see how accidentally
> including the empty path in PYTHONPATH changes anything.

No, not when executed as a script. When executing scripts, Python puts
the directory of the script on sys.path, but not the current working
directory.

> Regardless, I don't want to change that documentation because it's
> generic Unix documentation, and not all shells necessarily support the
> syntax the change is using.

It is a POSIX construct:
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_06

Of course you're free to not include it, probably won't cause much
harm (and frankly my first reaction was "it's only documentation why
can't this be a minor bug").

Regards
Floris
--
Debian GNU/Linux -- The Power of Freedom
www.debian.org | www.gnu.org | www.kernel.org
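
The difference discussed in this thread, as an added example that is not part of the original message or of the omniORB documentation: when PYTHONPATH is unset or empty, the `$PYTHONPATH:/some/path` form leaves an empty leading component, which is the case the Debian QA effort flagged as potentially placing the current working directory on the search path. The thread does not show the patch itself, so the `${var:+word}` parameter expansion and the function names below are assumptions; `/some/path` is the placeholder from the message and `/opt/lib` is a constructed value.

```shell
#!/bin/sh
# Added example: two ways of extending a colon-separated search path.

# Form flagged in the thread: the ':' separator is always emitted,
# even when the existing value ($1) is empty.
unsafe_extend() {
    printf '%s\n' "$1:$2"
}

# Assumed POSIX form: ${1:+$1:} expands to "<value>:" only when $1 is
# set and non-empty, so no stray separator is produced.
safe_extend() {
    printf '%s\n' "${1:+$1:}$2"
}

# Succeeds (returns 0) when a non-empty path list contains an empty
# component: a leading colon, a trailing colon, or a doubled colon.
has_empty_component() {
    case $1 in
        '')            return 1 ;;  # nothing set, nothing to flag
        :*|*:|*::*)    return 0 ;;
        *)             return 1 ;;
    esac
}

# Constructed inputs: an empty PYTHONPATH and an already populated one.
for existing in "" "/opt/lib"; do
    for fn in unsafe_extend safe_extend; do
        result=$($fn "$existing" /some/path)
        if has_empty_component "$result"; then
            verdict="empty component present"
        else
            verdict="ok"
        fi
        printf '%-14s existing=%-10s -> %-20s %s\n' \
            "$fn" "'$existing'" "'$result'" "$verdict"
    done
done
```
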