best way to ensure './' is at beginning of sys.path?
Michael Felt
michael at felt.demon.nl
Sat Feb 4 03:48:17 EST 2017
On 04-Feb-17 02:07, Cameron Simpson wrote:
> On 03Feb2017 17:21, Wildman <best_lay at yahoo.com> wrote:
>> On Sat, 04 Feb 2017 09:25:42 +1100, Cameron Simpson wrote:
>>> Also, what you describe with rc.local wouldn't work anyway, even if
>>> it had ben
>>> what was asked.
>>
>> Of course, you are correct. I don't know where my head
>> was. I think my tongue got in front of my eye teeth and
>> I could not see what I was saying. :-)
>>
>> If anyone is interested the correct way is to add this to
>> /etc/profile (at the bottom):
>>
>> PATH=$PATH:./
>> export PATH
>
> Indeed. But this should usually be accompanied by the advice that this
> isn't a good idea. Having one's commands at the mercy of whatever
> directory one is standing in is a recipe for being subverted. While
> the risk is lessened by having "." at the end of the search path, that
> just means the attacker (== other user of this system) has to name
> their trojan horse commands after typing errors, such as the ever
> popular "gerp" search programme.
>
> Even with Python I'd feel it is better to not have "." in the
> sys.path; I'd be happier with a full path to a preferred source of
> modules. (Yes, I know Python likes to search the current directory for
> modules, notmy favourite feature.)
>
This sound like something that could be hidden, read moved, if not
removed - to a feature only available if built with something resembling
a --dev-build flag (Python3.7 of course, as there may be earlier
projects that depend on it - certainly officially deprecate in all other
Python3 releases - there never being a Python2.8 a deprecate in
Python2.7 is pointless).
> Cheers,
> Cameron Simpson <cs at zip.com.au>
More information about the Python-list
mailing list