Is this a security risk with Python too?

Paul Rubin phr-n2002b at
Sat Aug 17 03:02:51 CEST 2002

Richard Jones <rjones at> writes:
> I say "secure" because really, if someone's got write access to your current 
> dir, you're in deep poo anyway. What's to stop them writing a new "python" 
> program there. Most unixes have '.' first in the user's search PATH. Ever 
> notice how the "root" user doesn't though?

"." is usually not first in the path of ordinary users either, in
systems I've seen.  It hasn't been that way in ages.  It occasionally
happens but more commonly "." isn't on the path at all, and you have
to say "./whatever" to run a program from the current directory.

More information about the Python-list mailing list