Re: Untrusted search path vulnerabilities
> On Wed, Nov 17, 2010 at 22:58, Jakub Wilk <email@example.com> wrote:
>> A number of packages in the archive sets the PYTHONPATH environment variable
>> in an insecure way. They do something like:
>> This is wrong, because if PYTHONPATH were originally unset or empty, current
>> working directory would be added to sys.path.
I wonder if this class of vulnerabilities (inc the LD_LIBRARY_PATH
ones) could be automatically warned about by lintian.