Moshe Zadka wrote:
> On Wed, 06 Nov 2002, Steve Waterbury email@example.com wrote:
>> How is having "." on your PYTHONPATH a serious security hole? (Of course it shouldn't be on _root_'s PYTHONPATH, but how is it bad for a regular user?)
> What if you run a Python program from /tmp? ... [etc.]
Perhaps I am protected by a higher level of general paranoia: I would never run anything from /tmp (or any other directory where just anyone could write something into, but especially not from /tmp!). I only run Python scripts either from inside my home dir (for which I leave the RH default perms, drwx------) or from a root-writable-only dir such as /usr/local/... (if somebody's hacked root, I've got bigger problems anyway!).
Of course, the conversation started with Windows, and I have no idea what the implications are there ... probably much more dire, like everything else on Windows. ;^)
Cheers,
-- Steve.
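
A check for the concern discussed in this thread, as an added example that is not part of the original message: it flags import-path entries that are relative (such as ".") or writable by other users. The function names and the directories built in `demo()` are constructed for illustration.

```python
import os
import stat
import sys
import tempfile

def audit_search_path(entries, cwd=None):
    """Return (entry, reason) pairs for import-path entries where another
    local user could plant a module that `import` would pick up."""
    cwd = cwd or os.getcwd()
    findings = []
    for entry in entries:
        resolved = entry
        # "" and relative entries such as "." follow the current directory,
        # so their safety depends on where the program is started from.
        if not os.path.isabs(entry):
            findings.append((entry, "relative: resolves to the current directory"))
            resolved = os.path.abspath(os.path.join(cwd, entry))
        try:
            mode = os.stat(resolved).st_mode
        except OSError:
            continue  # a missing entry cannot supply modules
        if mode & stat.S_IWOTH:
            findings.append((entry, "world-writable"))
        elif mode & stat.S_IWGRP:
            findings.append((entry, "group-writable"))
    return findings

def demo():
    """Constructed sample: a private directory, a /tmp-like directory, and
    "." on the path while the current directory is the /tmp-like one."""
    with tempfile.TemporaryDirectory() as base:
        private = os.path.join(base, "home")
        shared = os.path.join(base, "shared")
        os.mkdir(private)
        os.chmod(private, 0o700)    # drwx------, as in the message
        os.mkdir(shared)
        os.chmod(shared, 0o1777)    # drwxrwxrwt, the usual mode of /tmp
        found = audit_search_path([private, shared, "."], cwd=shared)
        return [(os.path.basename(e) or e, why) for e, why in found]

if __name__ == "__main__":
    for entry, why in audit_search_path(sys.path):
        print(f"{entry!r}: {why}")
```

The sticky bit on a directory like /tmp only stops users from deleting or renaming each other's files; it does not stop anyone from creating a new file there, which is why the check ignores it.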