Index: Python/sysmodule.c =================================================================== --- Python/sysmodule.c (révision 72256) +++ Python/sysmodule.c (copie de travail) @@ -1591,7 +1591,7 @@ } void -PySys_SetArgv(int argc, char **argv) +PySys_SetArgvEx(int argc, char **argv, int updatepath) { #if defined(HAVE_REALPATH) char fullpath[MAXPATHLEN]; @@ -1604,7 +1604,7 @@ Py_FatalError("no mem for sys.argv"); if (PySys_SetObject("argv", av) != 0) Py_FatalError("can't assign sys.argv"); - if (path != NULL) { + if (updatepath && path != NULL) { char *argv0 = argv[0]; char *p = NULL; Py_ssize_t n = 0; @@ -1694,7 +1694,13 @@ Py_DECREF(av); } +void +PySys_SetArgv(int argc, char **argv) +{ + PySys_SetArgvEx(argc, argv, 1); +} + /* APIs to write to sys.stdout or sys.stderr using a printf-like interface. Adapted from code submitted by Just van Rossum. Index: Include/sysmodule.h =================================================================== --- Include/sysmodule.h (révision 72256) +++ Include/sysmodule.h (copie de travail) @@ -11,6 +11,7 @@ PyAPI_FUNC(int) PySys_SetObject(char *, PyObject *); PyAPI_FUNC(FILE *) PySys_GetFile(char *, FILE *); PyAPI_FUNC(void) PySys_SetArgv(int, char **); +PyAPI_FUNC(void) PySys_SetArgvEx(int, char **, int); PyAPI_FUNC(void) PySys_SetPath(char *); PyAPI_FUNC(void) PySys_WriteStdout(const char *format, ...) Index: Misc/NEWS =================================================================== --- Misc/NEWS (révision 72256) +++ Misc/NEWS (copie de travail) 
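Review bot: The new guard `if (updatepath && path != NULL)` in the second Python/sysmodule.c hunk carries the whole security change, but nothing at that line says why the block may be skipped. A comment such as `/* updatepath == 0: leave sys.path untouched so argv[0] cannot influence the module search path (CVE-2008-5983) */` would stop a later cleanup from folding the flag away. The test is on truthiness, so any non-zero value updates the path, while the documentation added in this patch only describes 0 and 1; one of the two should say so. The guarded block starts from `argv[0]` and continues outside the hunk, so what it inserts into sys.path is not visible here.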
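Review bot: The compatibility wrapper `PySys_SetArgv` added in the third Python/sysmodule.c hunk hard-codes `updatepath` to 1, so every existing embedder keeps the sys.path behaviour that the NEWS entry links to CVE-2008-5983 until it is changed to call the new function. Keeping the old default is a reasonable compatibility choice, but it should be stated at the definition, for example `/* Legacy entry point: always updates sys.path. Embedding applications should prefer PySys_SetArgvEx(argc, argv, 0). */`. Without that comment the wrapper reads as the recommended API, not the one to migrate away from.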
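Review bot: The prototype `PySys_SetArgvEx(int, char **, int)` added to Include/sysmodule.h gives no hint what the trailing `int` controls, and a caller who passes a non-zero value gets the path-modifying behaviour with no warning. Naming the parameters, `PyAPI_FUNC(void) PySys_SetArgvEx(int argc, char **argv, int updatepath);`, or adding a one-line comment above the declaration would make the safe choice (0) visible at the point of use. The neighbouring declarations are unnamed as well, so this is a style point and not a defect.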
@@ -12,6 +12,10 @@ Core and Builtins ----------------- +- Issue #5753: Introduce a new C API function, PySys_SetArgvEx(), which + doesn't modify sys.path. This helps fix security issue CVE-2008-5983 + ("python: untrusted python modules search path"). + - Issue #1588: Add complex.__format__. For example, format(complex(1, 2./3), '.5') now produces a sensible result. Index: Doc/c-api/init.rst =================================================================== --- Doc/c-api/init.rst (révision 72256) +++ Doc/c-api/init.rst (copie de travail) @@ -369,6 +369,16 @@ check w/ Guido. +.. cfunction:: void PySys_SetArgvEx(int argc, char **argv, int updatepath) + + This function works like :cfunc:`PySys_SetArgv` if *updatepath* is 1. + If *updatepath* is 0, it doesn't update :data:`sys.path`, which may be + safer if you are embedding Python in an application (this issue was + sometimes reported as a security leak). + + .. versionadded:: 2.6.3 + + .. cfunction:: void Py_SetPythonHome(char *home) Set the default "home" directory, that is, the location of the standard