[issue26414] os.defpath too permissive

Change by Eryk Sun : -- resolution: -> duplicate stage: -> resolved status: open -> closed superseder: -> Remove current directory from posixpath.defpath to enhance security ___ Python tracker

[issue26414] os.defpath too permissive

Change by Guido van Rossum : -- nosy: -gvanrossum ___ Python tracker ___ ___

[issue26414] os.defpath too permissive

Change by Nitish : -- nosy: +nitishch ___ Python tracker ___ ___ Python-bugs-list

[issue26414] os.defpath too permissive

Jakub Wilk added the comment: Linux man page for execvp(3) says: > The default search path (used when the environment does not contain > the variable PATH) shows some variation across systems. It generally > includes /bin

[issue26414] os.defpath too permissive

Changes by Shawn : -- nosy: +swalker ___ Python tracker ___ ___ Python-bugs-list

[issue26414] os.defpath too permissive

Martin Panter added the comment: Digging through the history, it has been this way since at least revision d5b67d2ec7ee (1994). Removing the colon is definitely a good idea. Maybe this might be a more proper way to get the default PATH: >>> os.confstr("CS_PATH") '/bin:/usr/bin' --

[issue26414] os.defpath too permissive

Changes by Guido van Rossum : -- nosy: +gvanrossum ___ Python tracker ___ ___

[issue26414] os.defpath too permissive

Changes by Danek Duvall : -- nosy: +dhduvall ___ Python tracker ___ ___

[issue26414] os.defpath too permissive

New submission from John Beck: A bug has been filed against Solaris' internal version of Python, which is largely the same (including in this case) as the base version we get from python.org. The bug is that os.defpath starts with ':' and thus any Python script run with a null PATH environment