> On Wed, Nov 17, 2010 at 22:58, Jakub Wilk <jw...@debian.org> wrote:
>> A number of packages in the archive set the PYTHONPATH environment variable
>> in an insecure way. They do something like:
>>
>>      PYTHONPATH=/spam/eggs:$PYTHONPATH
>>
>> This is wrong, because if PYTHONPATH were originally unset or empty, the current
>> working directory would be added to sys.path.

I wonder if this class of vulnerabilities (including the LD_LIBRARY_PATH
ones) could be automatically warned about by lintian.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
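
The kind of automatic warning asked about above, sketched as an added example that is not part of the thread and not lintian's own code: a line-based scan for PYTHONPATH and LD_LIBRARY_PATH assignments that splice in the old value with a bare colon, next to the guarded `${VAR:+:$VAR}` form. The function names, regular expressions and sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example, not lintian code: flag search-path assignments that leave an
# empty entry (the current directory) when the variable is unset or empty.
PATH_VARS="PYTHONPATH LD_LIBRARY_PATH"

# Print "file:line:text" for each unguarded VAR=...:$VAR or VAR=$VAR:... line.
find_unsafe_path_assignments() {
    for var in $PATH_VARS; do
        ref="\\\$($var|\\{$var\\})"        # matches plain $VAR or ${VAR}
        lead="(^|[^A-Za-z0-9_])$var="
        # [^+] before the colon skips the guarded ${VAR:+:$VAR} form.
        grep -HnE \
            -e "${lead}[^[:space:];]*[^+]:${ref}([^A-Za-z0-9_]|\$)" \
            -e "${lead}[\"']?${ref}:" -- "$@" || :
    done
}

# Guarded form: the colon is emitted only when the old value is non-empty.
prepend_path_entry() {
    printf '%s\n' "$1${2:+:$2}"
}

# Constructed sample wrapper script: lines 2 and 3 are unsafe, 4 and 5 are not.
make_sample_script() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
#!/bin/sh
PYTHONPATH=/spam/eggs:$PYTHONPATH
export LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:/opt/demo/lib"
PYTHONPATH=/spam/eggs${PYTHONPATH:+:$PYTHONPATH}
LD_LIBRARY_PATH=/opt/demo/lib
EOF
    printf '%s\n' "$f"
}

sample=$(make_sample_script)
find_unsafe_path_assignments "$sample"
prepend_path_entry /spam/eggs ""             # old value empty
prepend_path_entry /spam/eggs /usr/lib/demo  # old value set
rm -f "$sample"
```

The scan is line-based, so commented-out assignments and values built across several lines would need separate handling in a real check.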

