changeset 111580:bd93bfc2fc83

* lisp/progmodes/python.el (run-python): Explain why we remove the current directory from sys.path. Suggested by Eric Hanchrow <erich@cozi.com>.
author Stefan Monnier <monnier@iro.umontreal.ca>
date Wed, 17 Nov 2010 10:00:16 -0500
parents 4433803ef920
children facc4bc3e1e4
files lisp/ChangeLog lisp/progmodes/python.el
diffstat 2 files changed, 8 insertions(+), 0 deletions(-) [+]
--- a/lisp/ChangeLog	Wed Nov 17 09:54:15 2010 -0500
+++ b/lisp/ChangeLog	Wed Nov 17 10:00:16 2010 -0500
@@ -1,5 +1,8 @@
 2010-11-17  Stefan Monnier  <monnier@iro.umontreal.ca>
 
+	* progmodes/python.el (run-python): Explain why we remove the current
+	directory from sys.path.  Suggested by Eric Hanchrow <erich@cozi.com>.
+
 	* progmodes/grep.el (grep-regexp-alist): Tighten the regexp (bug#7378).
 
 2010-11-16  Stefan Monnier  <monnier@iro.umontreal.ca>
--- a/lisp/progmodes/python.el	Wed Nov 17 09:54:15 2010 -0500
+++ b/lisp/progmodes/python.el	Wed Nov 17 10:00:16 2010 -0500
@@ -1586,6 +1586,11 @@
     (with-current-buffer
 	(let* ((cmdlist
 		(append (python-args-to-list cmd)
+                        ;; It's easy for the user to cause the process to be
+			;; started without realizing it (e.g. to perform
+			;; completion); for this reason loading files from the
+			;; current directory is a security risk.  See
+			;; http://article.gmane.org/gmane.emacs.devel/103569
 			'("-i" "-c" "import sys; sys.path.remove('')")))
 	       (path (getenv "PYTHONPATH"))
 	       (process-environment	; to import emacs.py
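Review bot: The comment added in run-python names the risk but not the mechanism, and its only explanation is an external mailing-list link that may not stay reachable. I would state the reason inline, e.g. `;; Otherwise a module file in the current directory could shadow one the inferior process imports.` The `sys.path.remove('')` on the following line only drops the implicit `''` entry, so the comment could also note that directories named in PYTHONPATH are presumably unaffected; the PYTHONPATH handling continues outside this hunk. The first comment line is indented with spaces while the others use tabs, which is worth aligning with the surrounding code.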