Steve Dower <steve.do...@python.org> added the comment:
> This could be problematic, adding a suitably named file outside of $PREFIX > breaks the python installation. Might be worth changing it then. I double/triple checked whether searching up for the zip file was the old behaviour, and it sure seemed to be (it wasn't on Windows). Will only be a little tweak to change, since both codepaths are already there. My assumption was that any higher-level directories in that tree would be at least as restricted as where Python is installed, so anyone who could hijack it there could also have modified it closer to the actual file. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue46890> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
