best way to ensure './' is at beginning of sys.path?

Cameron Simpson cs at zip.com.au
Sat Feb 4 18:47:40 EST 2017


On 04Feb2017 12:56, Wildman <best_lay at yahoo.com> wrote:
>On Sat, 04 Feb 2017 18:25:03 +0000, Grant Edwards wrote:
>> The next time you are in the /tmp directory looking for something, can
>> you guess what happens when you mistype "ls" as "sl"?
[...]
>Your scenario assumes the malicious user has root access
>to be able to place a file into /tmp.

/tmp is _publicly_ writable. _Any_ user can do that.

>And there would
>have to be some reason why I would be looking around in
>/tmp.  After 10 years of using Linux, it hasn't happened
>yet.

Amazing. I was looking around in /tmp in my first days of using UNIX. There's 
stuff in there.

>And last I would have to be a complete idiot.

If you've got "." in your $PATH, I am beginning to think that this thesis is 
supported.

>I suppose all that could be a reality, but, how many
>computers do you know of have been compromised in this
>manor?

Hmm. I've compromised my friends (with harmless pranks) in this way. These days 
that doesn't work so well became having "." in your path is not done.

Cheers,
Cameron Simpson <cs at zip.com.au>



More information about the Python-list mailing list