On Mon, May 20, 2013 at 05:10:41PM -0400, Phil Pennock wrote:
> On 2013-05-20 at 11:02 -0700, Todd Lyons wrote:
> > Figured out the problem with using the list method for path
> > manipulation. My latest code is at:
> > http://git.exim.org/users/tlyons/exim.git
>
> I looked *very* briefly with:
>
> git diff e2658fff tlyons/master_volatile_python
>
> It looks good to me.
>
> > 2. If full path to python script is specified, it splits the path and
> > adds it to the system paths, then attempts to load it.
>
> This should be called out very clearly, perhaps even in the security
> section too, as it affects what code will be loaded into a root-run
> process and folks should know that they will be implicitly trusting
> everything in a directory from which they load code, not just the file
> that they load.
IIRC Python automatically adds the directory containing a script
to the search path for modules imported by *that* script. So it
should not be necessary to globally add the containing directory
to the search path, this can make other code more fragile by breaking
namespace boundaries. So if I am not mistaken, the system paths
should not be modified.
--
Viktor.