This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author ztane
Recipients ztane
Date 2018-03-12.11:57:14
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
I think this is a really stupid security bug. Running a module with `-mmodule` seems to add '' as a path in sys.path, and in front. This is doubly wrong, because '' will stand for whatever the current working directory might happen to be at the time of the *subsequent import statements*, i.e. it is far worse than

I.e. whereas python3 /usr/lib/ wouldn't do that, python3 -mmodule would make it so that following a chdirs in code, imports would be executed from arbitrary locations. Verified on MacOS X, Ubuntu 17.10, using variety of Python versions up to 3.7.
Date User Action Args
2018-03-12 11:57:15ztanesetrecipients: + ztane
2018-03-12 11:57:15ztanesetmessageid: <>
2018-03-12 11:57:14ztanelinkissue33053 messages
2018-03-12 11:57:14ztanecreate