[Distutils] Finally making distlib handle spaces

Jakub Wilk jwilk at jwilk.net
Sat May 20 17:56:22 EDT 2017


* Radon Rosborough <radon.neon at gmail.com>, 2017-05-20, 14:29:
>>I would have thought that "#!/usr/bin/env sh" runs the risk of picking up a 
>>malicious sh executable injected into the user's PATH.
>That's certainly a valid concern. Does this happen in the real world? I feel 
>like if you have a malicious sh executable on your PATH, you're going to have 
>a lot more problems than just from virtualenv.

Right. It's safe to assume that all elements of PATH are trusted. If they're 
not, all bets are off.

That said, I'm surprised that "#!/usr/bin/env sh" was proposed instead of the 
more conventional "#!/bin/sh". I don't really see any advantages of the former.

-- 
Jakub Wilk
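
An added example, not part of the original message: `#!/usr/bin/env sh` resolves `sh` through PATH while `#!/bin/sh` does not, so this POSIX sh script checks the assumption above that every PATH element is trusted and reports which `sh` an env-based shebang would run. The function names (`path_issue`, `audit_path`, `env_sh_target`) are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: audit the PATH that "#!/usr/bin/env sh" searches.

# Print why one PATH entry should not be trusted; print nothing if it looks fine.
path_issue() {
    d=$1
    case $d in
        '') echo "empty entry (resolves to the current directory)"; return 0 ;;
        /*) ;;
        *)  echo "relative entry"; return 0 ;;
    esac
    [ -d "$d" ] || { echo "missing directory"; return 0; }
    # -L follows symlinks such as /bin -> usr/bin; keep only the 10 mode characters.
    mode=$(ls -ldL "$d" | cut -c1-10)
    case $mode in
        ????????w?) echo "world-writable" ;;
        ?????w????) echo "group-writable" ;;
    esac
    return 0
}

# Audit a colon-separated PATH string; status 0 only when no entry is flagged.
audit_path() (
    rc=0
    p=$1:            # trailing ':' so a final empty entry is not dropped
    IFS=:; set -f    # split on ':' without globbing (subshell, so nothing leaks)
    for d in $p; do
        reason=$(path_issue "$d")
        if [ -n "$reason" ]; then
            echo "${d:-<empty>}: $reason"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ]
)

# Print the sh that an env-based shebang would run under the given PATH.
env_sh_target() ( PATH=$1; command -v sh )

echo "env would run: $(env_sh_target "$PATH" || echo '<no sh on PATH>')"
audit_path "$PATH" || echo "review the entries above before relying on PATH lookup"
```

Group-writable directories are reported as well as world-writable ones; whether a given group is trusted is a local decision.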