24 Feb
2020
24 Feb
'20
9:44 p.m.
On 2/24/20, jdveiga@gmail.com <jdveiga@gmail.com> wrote:
It is the intended and the expected behaviour. The working directory is always added to the sys.path.
You mean always in this particular context, i.e. the working directory is added normally when executing a command via -c or a module as a script via -m. When executing a script normally, the script directory gets added, which is reasonably secure. Adding the working directory to sys.path is ok for the interactive shell and -c commands, but I don't understand why it gets added with -m, which is a security hole, and to me an annoyance. It can be disabled with isolated mode, but that's a blunt instrument that disables too much.