subject:"\[issue35755\] On Unix, shutil.which\(\) and subprocess no longer look for the executable in the current directory if PATH environment variable is not set"

[issue35755] On Unix, shutil.which() and subprocess no longer look for the executable in the current directory if PATH environment variable is not set

2019-04-24 Thread Kubilay Kocak



Change by Kubilay Kocak :


--
nosy: +koobs

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35755] On Unix, shutil.which() and subprocess no longer look for the executable in the current directory if PATH environment variable is not set

2019-04-18 Thread STINNER Victor



STINNER Victor  added the comment:

> For Python 2.7... well, I don't think that this issue is important enough to 
> justify a backport. I prefer to do nothing rather than having to deal with 
> unhappy users complaining that Python 2.7 changed broke their application in 
> a minor 2.7.x release :-) Even if, again, the risk of regression is very low.

Same rationale for Python 3.6. While I would call this change related to 
security, I'm not comfortable to backport the change. The issue is not 
important enough compared to the risk of regression.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35755] On Unix, shutil.which() and subprocess no longer look for the executable in the current directory if PATH environment variable is not set

2019-04-17 Thread STINNER Victor



STINNER Victor  added the comment:

> I suspect that the former is implementation accident. I can't imagine why
would anyone want this behavior.
>
> NB, POSIX says that when PATH is unset or empty, the path search is
implementation-defined.

Not thank you POSIX for being clueless. Let's say that Python is
opiniatied, as when we decided that file descriptors must be created
non-inheritable by default even if "it goes against POSIX".

If you want to look if the current directory, you now have to ask for it
kindly and explicitly ;-)

IHMO Using CS_PATH rather than hardcoded os.defpath is also a major step
forward ;-)

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35755] On Unix, shutil.which() and subprocess no longer look for the executable in the current directory if PATH environment variable is not set

2019-04-17 Thread Jakub Wilk



Jakub Wilk  added the comment:

When PATH is empty string:
* zsh and FreeBSD which look for binaries in cwd.
* debianutils and GNU which always fail.

I suspect that the former is implementation accident. I can't imagine why would 
anyone want this behavior.

NB, POSIX says that when PATH is unset or empty, the path search is 
implementation-defined.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35755] On Unix, shutil.which() and subprocess no longer look for the executable in the current directory if PATH environment variable is not set

2019-04-17 Thread STINNER Victor



STINNER Victor  added the comment:

I modified posixpath.defpath, shutil.which() and 
distutils.spawn.find_executable() in 3.7 and master (future Python 3.8) 
branches. I close the issue. Thanks everybody for the review and helping me to 
collect info about corner cases!

I chose to also change Python 3.7. IMHO there is a low risk of breaking 
applications: I expect that few users run Python with no PATH environment 
variable *and* expect that Python looks for programs in the current directory. 
But it enhances the security a little bit.

For Python 2.7... well, I don't think that this issue is important enough to 
justify a backport. I prefer to do nothing rather than having to deal with 
unhappy users complaining that Python 2.7 changed broke their application in a 
minor 2.7.x release :-) Even if, again, the risk of regression is very low.

--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed
title: shutil.which() and subprocess no longer look for the executable in the 
current directory if PATH environment variable is not set -> On Unix, 
shutil.which() and subprocess no longer look for the executable in the current 
directory if PATH environment variable is not set

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35755] On Unix, shutil.which() and subprocess no longer look for the executable in the current directory if PATH environment variable is not set

[issue35755] On Unix, shutil.which() and subprocess no longer look for the executable in the current directory if PATH environment variable is not set

[issue35755] On Unix, shutil.which() and subprocess no longer look for the executable in the current directory if PATH environment variable is not set

[issue35755] On Unix, shutil.which() and subprocess no longer look for the executable in the current directory if PATH environment variable is not set

[issue35755] On Unix, shutil.which() and subprocess no longer look for the executable in the current directory if PATH environment variable is not set

5 matches

Site Navigation

Mail list logo

Footer information