Re: RFS: sima (autoqueue MPD client, find similar artists to queue)

To: debian-mentors@lists.debian.org
Subject: Re: RFS: sima (autoqueue MPD client, find similar artists to queue)
From: Paul Wise <pabs@debian.org>
Date: Fri, 12 Nov 2010 22:03:46 +0700
Message-id: <[🔎] AANLkTintCjXO7tBR5HviGPLGWo52ja0V+pb5ZCTpfJ52@mail.gmail.com>
In-reply-to: <[🔎] 20101112111237.GC2831@hephaistos.amsuess.com>
References: <[🔎] 4CDD094B.4000103@azylum.org> <[🔎] 20101112111237.GC2831@hephaistos.amsuess.com>

On Fri, Nov 12, 2010 at 6:12 PM, chrysn <chrysn@fsfe.org> wrote:

> PYTHONPATH=/usr/share/sima/:$PYTHONPATH exec /usr/share/sima/mpd_sima.py "$@"

Please use this instead to avoid security issues caused by allowing
python to load modules from the working directory (which may have
untrusted files in it):

PYTHONPATH=/usr/share/sima/${PYTHONPATH:+:$PYTHONPATH} exec
/usr/share/sima/mpd_sima.py "$@"

c.f. all the recent LD_LIBRARY_PATH vulnerabilities for the reasoning
behind this.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

Reply to:

Follow-Ups:
- Re: RFS: sima (autoqueue MPD client, find similar artists to queue)
  - From: chrysn <chrysn@fsfe.org>

References:
- RFS: sima (autoqueue MPD client, find similar artists to queue)
  - From: Geoffroy Youri Berret <efrim@azylum.org>
- Re: RFS: sima (autoqueue MPD client, find similar artists to queue)
  - From: chrysn <chrysn@fsfe.org>

Prev by Date: Re: RFS: python-ordereddict
Next by Date: Re: RFS: kstars-data-extra-tycho2 (third try)
Previous by thread: Re: RFS: sima (autoqueue MPD client, find similar artists to queue)
Next by thread: Re: RFS: sima (autoqueue MPD client, find similar artists to queue)
Index(es):
- Date
- Thread