[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-devel:16339] Re: rubyのLOAD_PATH

From: Fumitoshi UKAI <ukai@debian.or.jp>
Subject: [debian-devel:16339] Re: rubyのLOAD_PATH
Date: Sat, 7 Jan 2006 02:16:56 +0900
List-help: <mailto:debian-devel-ctl@debian.or.jp?body=help>
List-id: debian-devel.debian.or.jp
List-owner: <mailto:debian-devel-admin@debian.or.jp>
List-post: <mailto:debian-devel@debian.or.jp>
List-software: fml [fml 4.0.3 release (20011202/4.0.3)]
List-unsubscribe: <mailto:debian-devel-ctl@debian.or.jp?body=unsubscribe>
Organization: Debian JP Project
X-ml-info: If you have a question, send e-mail with the body "help" (without quotes) to the address debian-devel-ctl@debian.or.jp; help=<mailto:debian-devel-ctl@debian.or.jp?body=help>
X-ml-name: debian-devel
X-mlserver: fml [fml 4.0.3 release (20011202/4.0.3)]; post only (only members can post)
X-original-to: debian-devel@debian.or.jp
References: <871wzlmmo7.dancerj%dancer@xxxxxxxxxxxxx>
Message-id: <87wthd9sze.wl%ukai@debian.or.jp>
X-mail-count: 16339
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.4 (i386-pc-linux-gnu) MULE/5.0 (SAKAKI)

At Fri, 6 Jan 2006 23:54:49 +0900,
Junichi Uekawa wrote:

> ruby の LOAD_PATH が . を含んでいることが気になっています．他の言語で
> は通例そういうことはしていないという前例があることから何か脆弱性がある
> のか，という点が不安です．

していないという前例って?

perl の @INC にも . が最後にありますよ。
 % perl -e 'print "@INC\n"'
 /etc/perl /usr/local/lib/perl/5.8.4 /usr/local/share/perl/5.8.4 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl .

むしろ python のほうが current directory が先頭にあってやばそうです。

% python -c 'import sys
print sys.path'
['', '/usr/lib/python23.zip', '/usr/lib/python2.3', '/usr/lib/python2.3/plat-linux2', '/usr/lib/python2.3/lib-tk', '/usr/lib/python2.3/lib-dynload', '/usr/local/lib/python2.3/site-packages', '/usr/lib/python2.3/site-packages']
% cat > /tmp/test.py
import sys
print sys.path
% python /tmp/test.py
['/tmp', '/usr/lib/python23.zip', '/usr/lib/python2.3', '/usr/lib/python2.3/plat-linux2', '/usr/lib/python2.3/lib-tk', '/usr/lib/python2.3/lib-dynload', '/usr/local/lib/python2.3/site-packages', '/usr/lib/python2.3/site-packages']
cassis% python2.4 /tmp/test.py
['/tmp', '/usr/lib/python24.zip', '/usr/lib/python2.4', '/usr/lib/python2.4/plat-linux2', '/usr/lib/python2.4/lib-tk', '/usr/lib/python2.4/lib-dynload', '/usr/local/lib/python2.4/site-packages', '/usr/lib/python2.4/site-packages']

http://docs.python.org/tut/node8.html#SECTION008110000000000000000

6.1.1 The Module Search Path
  When a module named spam is imported, the interpreter searches for a
  file named spam.py in the current directory, and then in the list of
  directories specified by the environment variable PYTHONPATH. This has
  the same syntax as the shell variable PATH, that is, a list of
  directory names.

-- 
鵜飼文敏

Follow-Ups:
- [debian-devel:16340] Re: rubyのLOAD_PATH
  - From: Junichi Uekawa

References:
- [debian-devel:16338] rubyのLOAD_PATH
  - From: Junichi Uekawa

Prev by Date: [debian-devel:16338] rubyのLOAD_PATH
Next by Date: [debian-devel:16340] Re: rubyのLOAD_PATH
Previous by thread: [debian-devel:16338] rubyのLOAD_PATH
Next by thread: [debian-devel:16340] Re: rubyのLOAD_PATH
Index(es):
- Date
- Thread