Is this a security risk with Python too?

Paul Rubin phr-n2002b at NOSPAMnightsong.com
Sat Aug 17 03:02:51 CEST 2002


Richard Jones <rjones at ekit-inc.com> writes:
> I say "secure" because really, if someone's got write access to your current 
> dir, you're in deep poo anyway. What's to stop them writing a new "python" 
> program there. Most unixes have '.' first in the user's search PATH. Ever 
> notice how the "root" user doesn't though?

"." is usually not first in the path of ordinary users either, in
systems I've seen.  It hasn't been that way in ages.  It occasionally
happens but more commonly "." isn't on the path at all, and you have
to say "./whatever" to run a program from the current directory.



More information about the Python-list mailing list