Message 137911 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	r.david.murray
Recipients	ned.deily, r.david.murray
Date	2011-06-08.15:14:12
SpamBayes Score	3.8612956e-08
Marked as misclassified	No
Message-id	<1307546053.2.0.273136321844.issue12282@psf.upfronthosting.co.za>
In-reply-to

Content
It turns out that I had a stray abc.py file in my current working directory as the result of some previous tests of module-load-order rules. That by itself wouldn't have triggered the problem, but in addition, I have PYTHONPATH set in my environment because I have the hg whitespace hook installed. Apparently the build process turns a non-empty PYTHONPATH into a null entry in the final computed PYTHONPATH it uses when hg is called, and this results in anything located in the CWD being loaded. I don't think this rises quite to the level of a security issue, since it applies only at build time, but it certainly seems like a bug.

It turns out that I had a stray abc.py file in my current working directory as the result of some previous tests of module-load-order rules.  That by itself wouldn't have triggered the problem, but in addition, I have PYTHONPATH set in my environment because I have the hg whitespace hook installed.  Apparently the build process turns a non-empty PYTHONPATH into a null entry in the final computed PYTHONPATH it uses when hg is called, and this results in anything located in the CWD being loaded.

I don't think this rises quite to the level of a security issue, since it applies only at build time, but it certainly seems like a bug.

History
Date	User	Action	Args
2011-06-08 15:14:13	r.david.murray	set	recipients: + r.david.murray, ned.deily
2011-06-08 15:14:13	r.david.murray	set	messageid: <1307546053.2.0.273136321844.issue12282@psf.upfronthosting.co.za>
2011-06-08 15:14:12	r.david.murray	link	issue12282 messages
2011-06-08 15:14:12	r.david.murray	create