[Twisted-Python] Current Working Directory - Just say no
Glyph, please, please remove the currentDirectory from the plugins list. This is a security hole waiting to happen.

This is your brain. This is your brain in the current working directory.

--
The Official Moshe Zadka FAQ: http://moshez.geek
The Official Moshe Zadka FAQ For Dummies: http://moshez.org
Read the FAQ
OK, I'll remove it because it seems redundant (Twisted directory + your home directory seems like a fairly complete default set...)

However, I don't really agree... how is the current working directory more or less "secure" than the contents of the environment variable $HOME? We're importing python modules with __import__ anyway; it's a pretty massive security hole if hostile users can write to your current directory already (as it is normally on sys.path)

On Wed, Aug 29, 2001 at 09:49:59PM +0300, Moshe Zadka wrote:

--
 ______         __   __  _____  _     _
|  ____ |         \_/   |_____] |_____|
|_____| |_____     |    |       |     |
@ t w i s t e d m a t r i x . c o m
http://twistedmatrix.com/users/glyph
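The concern discussed in this thread, as an added example that is not part of the original messages or of Twisted's own code: an audit of a module search path (such as sys.path) for entries that resolve against the current working directory or that other users can write to. The function name `audit_search_path` and the reason strings are assumptions of this example, and POSIX permission bits are assumed.

```python
import os
import stat
import sys


def audit_search_path(entries, cwd=None):
    """Return (entry, reason) findings for a module or plugin search path."""
    cwd = os.path.realpath(cwd or os.getcwd())
    findings = []
    for entry in entries:
        # '' and relative entries are resolved against whatever directory
        # the process happens to be started in.
        if entry == "" or not os.path.isabs(entry):
            findings.append((entry, "relative to current working directory"))
            continue
        real = os.path.realpath(entry)
        if real == cwd:
            findings.append((entry, "is the current working directory"))
        try:
            st = os.stat(real)
        except OSError:
            continue  # a missing entry cannot supply modules
        if not stat.S_ISDIR(st.st_mode):
            continue  # zip archives and similar are out of scope here
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            # Anyone in the group (or anyone at all) can drop a module here.
            findings.append((entry, "writable by group or other users"))
        elif hasattr(os, "getuid") and st.st_uid not in (0, os.getuid()):
            findings.append((entry, "owned by another non-root user"))
    return findings


if __name__ == "__main__":
    # Audit the interpreter's own search path as it stands right now.
    for entry, reason in audit_search_path(sys.path):
        print(f"{entry!r}: {reason}")
```

The same function can be pointed at any list of plugin directories before they are handed to an importer.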
participants (2)
- Glyph Lefkowitz
- Moshe Zadka