[Python-ideas] Security: remove "." from sys.path?
Steven D'Aprano
steve at pearwood.info
Thu Jun 1 21:05:59 EDT 2017
On Fri, Jun 02, 2017 at 09:22:16AM +1000, Chris Angelico wrote:
> Ultimately, what I would like is for "import random" to be absolutely
> dependably going to grab the stdlib "random" module, or at very least,
> something that someone *deliberately* is shadowing that module with.
> You shouldn't be able to accidentally shadow a stdlib module.
If that's the only problem you want to solve, then I would expect that
moving the script/current directory to the *end* of sys.path instead of
the start will accomplish that, without breaking any scripts that rely
on '' to be in the path.
I expect that moving '' to the end of sys.path will be a less disruptive
change than removing it.
--
Steve
More information about the Python-ideas
mailing list