Re: when and why did python(-minimal) become essential?

To: debian-devel@lists.debian.org
Cc: debian-python@lists.debian.org
Subject: Re: when and why did python(-minimal) become essential?
From: Josselin Mouette <joss@debian.org>
Date: Sat, 28 Jan 2006 11:38:58 +0100
Message-id: <[🔎] 1138444738.16032.2.camel@arrakis.localnet>
In-reply-to: <873bj92cmo.dancerj%dancer@netfort.gr.jp>
References: <[🔎] 20060119233855.GC12818@localdomain> <[🔎] 20060120001551.GZ18803@alcor.net> <[🔎] 87psmnik6m.fsf@becket.becket.net> <[🔎] 20060120050930.GG18803@alcor.net> <[🔎] 87k6cvh0a7.fsf@becket.becket.net> <[🔎] 20060120172252.GP18803@alcor.net> <[🔎] 87d5ilvrms.fsf@becket.becket.net> <[🔎] 1138288663.12468.29.camel@silicium.ccc.cea.fr> <20060127010401.GA6849@localdomain> <1138351367.16359.22.camel@silicium.ccc.cea.fr> <20060127114636.GA10536@country.grep.be> <1138410838.8246.8.camel@arrakis.localnet> <873bj92cmo.dancerj%dancer@netfort.gr.jp>

Le samedi 28 janvier 2006 à 13:35 +0900, Junichi Uekawa a écrit :

> http://lists.debian.org/debian-security/2006/01/msg00010.html
> 
> I think the conclusion about LD_PATH was 
> 	python includes the 'current directory of the executed binary'
> 	ruby includes the 'current directory', thus unsafe.

That's right. Any python script that may be put in an unsafe directory
should first call:
import sys
sys.path.remove('')
-- 
 .''`.           Josselin Mouette        /\./\
: :' :           josselin.mouette@ens-lyon.org
`. `'                        joss@debian.org
  `-  Debian GNU/Linux -- The power of freedom

Attachment: signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=

Reply to:

References:
- Re: when and why did python(-minimal) become essential?
  - From: David Nusinow <david_nusinow@verizon.net>
- Re: when and why did python(-minimal) become essential?
  - From: Matt Zimmerman <mdz@debian.org>
- Re: when and why did python(-minimal) become essential?
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: when and why did python(-minimal) become essential?
  - From: Matt Zimmerman <mdz@debian.org>
- Re: when and why did python(-minimal) become essential?
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: when and why did python(-minimal) become essential?
  - From: Matt Zimmerman <mdz@debian.org>
- Re: when and why did python(-minimal) become essential?
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: when and why did python(-minimal) become essential?
  - From: Josselin Mouette <joss@debian.org>

Prev by Date: Re: when and why did python(-minimal) become essential?
Next by Date: Re: when and why did python(-minimal) become essential?
Previous by thread: Re: when and why did python(-minimal) become essential?
Next by thread: Re: when and why did python(-minimal) become essential?
Index(es):
- Date
- Thread