diff options
author | Wojciech Siewierski <wojciech.siewierski@onet.pl> | 2017-05-06 22:11:34 +0200 |
---|---|---|
committer | Wojciech Siewierski <wojciech.siewierski@onet.pl> | 2017-05-06 22:11:34 +0200 |
commit | d5e269d8f15b189bc54ed48be1c92247a4e0c84c (patch) | |
tree | a2936616602365f42f69554426d465c2416ad42b /ranger | |
parent | ccbcfc60810cba1ef79677a714746d40b34e34e7 (diff) | |
download | ranger-d5e269d8f15b189bc54ed48be1c92247a4e0c84c.tar.gz |
Do not strip the current working directoy from sys.path
Fixes #861. This code was assuming that cwd is being added to `sys.path` but according to my investigation it isn't true. On the other hand, the script directory is added to `sys.path`, which would be `/usr/bin/` in this case. `/usr/bin/` is neither a vulnerability, nor affected by this code, so I'm removing it. I'm pasting my brief tests of the Python module loading behavior: ``` [root@de5476e76587 test]# tree . ├── main.py └── ranger └── __init__.py 1 directory, 2 files [root@de5476e76587 test]# cat main.py import ranger print("Done") [root@de5476e76587 test]# cat ranger/__init__.py print("I'm a bad module doing bad stuff to good people.") [root@de5476e76587 test]# ./main.py I'm a bad module doing bad stuff to good people. Done [root@de5476e76587 test]# cd ../ [root@de5476e76587 ~]# ./test/main.py I'm a bad module doing bad stuff to good people. Done [root@de5476e76587 ~]# cd - /root/test [root@de5476e76587 test]# mv main.py .. [root@de5476e76587 test]# ../main.py Done [root@de5476e76587 test]# PATH=..:$PATH main.py Done [root@de5476e76587 test]# mv ../main.py . [root@de5476e76587 test]# cd .. [root@de5476e76587 ~]# PATH=$PWD/test:$PATH main.py I'm a bad module doing bad stuff to good people. Done [root@de5476e76587 ~]# ```
Diffstat (limited to 'ranger')
0 files changed, 0 insertions, 0 deletions