Hi all, a few days ago someone reported this issue:
http://www.pyinstaller.org/ticket/360 Is it really a bug which should be fixed? I would like to start discussion about it. Should we fix the bootloader to use absolute paths? What side effects could this change cause? Text of this ticket: ---------------------------- I just noticed that os.environLD_LIBRARY_PATH? inside the started application contains "./". The same applies to os.environPYTHONPATH?. This is bad for multiple reasons: Changing the current directory will mean that the search path effectively changes. So demand-loading modules will break when changing the CWD. An attacker could use this to inject any shared library into the running program, which will make this a security problem. The basic correction for this is to replace any relative path with an absolute path before using it in LD_LIBRARY_PATH or PYTHONPATH. -------------------------------- -- You received this message because you are subscribed to the Google Groups "PyInstaller" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pyinstaller?hl=en.
