Issue947380
Created on 2004-05-04 00:46 by orib, last changed 2022-04-11 14:56 by admin. This issue is now closed.
Messages (5) | |||
---|---|---|---|
msg20673 - (view) | Author: Ori Berger (orib) | Date: 2004-05-04 00:46 | |
Python version tested: 2.3.3 (But if I read the cvs annotate correctly, this goes all the way back to 2.0) OS Version tested: Win2K (but any win32 version should behave the same). On Windows, sys.path sometimes contains the 'current working directory', in which the Python process was started, while the interpreter is still initializing; it shouldn't be there until after the interpreter had completed initializing and is ready for batch or interactive execution. How to reproduce: Use plain-vanilla 2.3.3 Python, without _any_ additional module installed. The HKEY_LOCAL_MACHINE\SOFTWARE\Python\PythonCore\2.3\PythonPath registry key must NOT have any subkey (this is true for a fresh install, but might not be true if packages were installed earlier). Go to a subdirectory of your choice, e.g., C:\HoverCraft\Eels, and run (assuming Python is in c:\python23) > c:\python23\python -c "import sys; print sys.path" The first entry should be the current directory or ''. That's ok - it was added at the end of initialization. The second entry will be a .zip file where the .dll is; That's also ok. The third entry should be the current directory (or '') again. THIS IS NOT OK. How this was discovered: To give credit where credit is due, my friend Oren Gampel created a file called 'stat.py' in a directory, and from that moment on, Python started complaining about failing to import site. The reason is that 'site' imports 'ntpath', which imports 'stat', which unfortunately imported the new 'stat' rather than the library 'stat'. In some convoluted settings, this might have security implications - e.g., if an administrator starts a Python script in a directory to which a user has write permissions, this could result in a privilege escalation (even if the script has no import statements at all - the implicit "import site" is sufficient). I'm submitting a 2-line patch to the patch tracker (and one of them is a comment!) that seems to solve this problem. |
|||
msg20674 - (view) | Author: Ori Berger (orib) | Date: 2004-05-04 00:59 | |
Logged In: YES user_id=67862 Patch uploaded to http://python.org/sf/947386 |
|||
msg20675 - (view) | Author: Josiah Carlson (josiahcarlson) * | Date: 2004-05-21 00:06 | |
Logged In: YES user_id=341410 This is the old "module in current path shadows standard library module" issue which will be fixed in Python 2.4 via absolute and relative imports as stated in PEP 328: http://python.org/peps/pep-0328.html |
|||
msg20676 - (view) | Author: Ziga Seilnacht (zseil) * | Date: 2007-03-06 13:21 | |
This was fixed in Python 2.5 with patch #1232023: http://www.python.org/sf/1232023 |
|||
msg20677 - (view) | Author: Georg Brandl (georg.brandl) * | Date: 2007-03-06 18:06 | |
Closing accordingly. |
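
A defensive check for the condition this report describes (the working directory appearing on sys.path, where a local stat.py shadows the library module). This is an added example, not code from the thread or from CPython: it lists the path entries that resolve to the working directory and the standard-library names that files there would shadow. It is written for Python 3; the function names and the sample path are constructed for illustration.

```python
import os
import sys
import tempfile

# sys.stdlib_module_names exists on Python 3.10+; otherwise fall back to the
# modules named in the report (assumption made for this example).
STDLIB_NAMES = frozenset(getattr(sys, "stdlib_module_names", ("site", "ntpath", "stat", "os")))

def cwd_entries(path, cwd):
    """Return (index, entry) for every path entry that resolves to cwd ('' means cwd)."""
    cwd = os.path.realpath(cwd)
    hits = []
    for i, entry in enumerate(path):
        # '' and '.' resolve to cwd; absolute entries are left as they are by join()
        if os.path.realpath(os.path.join(cwd, entry)) == cwd:
            hits.append((i, entry))
    return hits

def shadowing_files(directory, names=STDLIB_NAMES):
    """Return sorted modules/packages in directory whose name matches a stdlib module."""
    found = []
    for item in os.listdir(directory):
        full = os.path.join(directory, item)
        stem, ext = os.path.splitext(item)
        if ext in (".py", ".pyc", ".pyd") and os.path.isfile(full) and stem in names:
            found.append(item)
        elif item in names and os.path.isfile(os.path.join(full, "__init__.py")):
            found.append(item)
    return sorted(found)

def audit(path, cwd):
    """Report cwd entries on the path and the stdlib names that cwd would shadow."""
    entries = cwd_entries(path, cwd)
    return {"cwd_entries": entries, "shadowed": shadowing_files(cwd) if entries else []}

def demo():
    # Constructed sample: a working directory holding stat.py, and a path with
    # the same shape as the one in the report ('' first, cwd again in third place).
    with tempfile.TemporaryDirectory() as work:
        open(os.path.join(work, "stat.py"), "w").close()
        open(os.path.join(work, "notes.py"), "w").close()
        sample_path = ["", os.path.join(work, "python23.zip"), work, os.path.join(work, "lib")]
        return audit(sample_path, work)

if __name__ == "__main__":
    print(demo())
    print(audit(sys.path, os.getcwd()))
```

Running it from a directory an unprivileged user can write to shows whether a script started there by an administrator would pick up that user's files ahead of the library.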
History | |||
---|---|---|---|
Date | User | Action | Args |
2022-04-11 14:56:03 | admin | set | github: 40212 |
2004-05-04 00:46:44 | orib | create |