On 2/24/20, jdve...@gmail.com <jdve...@gmail.com> wrote: > > It is the intended and the expected behaviour. The working directory is > always added to the sys.path.
You mean always in this particular context, i.e. the working directory is added normally when executing a command via -c or a module as a script via -m. When executing a script normally, the script directory gets added, which is reasonably secure. Adding the working directory to sys.path is ok for the interactive shell and -c commands, but I don't understand why it gets added with -m, which is a security hole, and to me an annoyance. It can be disabled with isolated mode, but that's a blunt instrument that disables too much. _______________________________________________ Python-ideas mailing list -- python-ideas@python.org To unsubscribe send an email to python-ideas-le...@python.org https://mail.python.org/mailman3/lists/python-ideas.python.org/ Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/6SSCBUIPMFJC2ZR67DVTHICN3B5UDX2F/ Code of Conduct: http://python.org/psf/codeofconduct/
