diff lisp/progmodes/python.el @ 111580:bd93bfc2fc83

* lisp/progmodes/python.el (run-python): Explain why we remove the current directory from sys.path. Suggested by Eric Hanchrow <erich@cozi.com>.
author Stefan Monnier <monnier@iro.umontreal.ca>
date Wed, 17 Nov 2010 10:00:16 -0500
parents 132f2dfd549f
children 3655cc4062e4
--- a/lisp/progmodes/python.el	Wed Nov 17 09:54:15 2010 -0500
+++ b/lisp/progmodes/python.el	Wed Nov 17 10:00:16 2010 -0500
@@ -1586,6 +1586,11 @@
     (with-current-buffer
 	(let* ((cmdlist
 		(append (python-args-to-list cmd)
+                        ;; It's easy for the user to cause the process to be
+			;; started without realizing it (e.g. to perform
+			;; completion); for this reason loading files from the
+			;; current directory is a security risk.  See
+			;; http://article.gmane.org/gmane.emacs.devel/103569
 			'("-i" "-c" "import sys; sys.path.remove('')")))
 	       (path (getenv "PYTHONPATH"))
 	       (process-environment	; to import emacs.py
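Review bot: The added comment gives the motivation for `sys.path.remove('')` but not the limits of the guard, and its only statement of the threat is an external URL. `list.remove` drops just the first `''` entry and raises ValueError when there is none. A `.` or other relative entry arriving through PYTHONPATH, which the next line reads, would presumably still allow imports from the current directory. I would state the risk in the comment itself and note the gap, e.g. `;; A file in the current directory named like a module we import would otherwise be executed.` followed by `;; Only the implicit '' entry is removed; relative PYTHONPATH entries are not filtered.` The enclosing `let*` form starts and ends outside this hunk, so how PYTHONPATH is rebuilt afterwards is not visible here and should be checked.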