bpo-35755: Remove current directory from posixpath.defpath (GH-11586)

author Victor Stinner <vstinner@redhat.com>

Wed, 17 Apr 2019 15:05:30 +0000 (17:05 +0200)

committer GitHub <noreply@github.com>

Wed, 17 Apr 2019 15:05:30 +0000 (17:05 +0200)
author Victor Stinner <vstinner@redhat.com>
Wed, 17 Apr 2019 15:05:30 +0000 (17:05 +0200)
committer GitHub <noreply@github.com>
Wed, 17 Apr 2019 15:05:30 +0000 (17:05 +0200)
diff --git a/Lib/posixpath.py b/Lib/posixpath.py

index 21ce72fd79cdef561ab77d1b573447e19dafc47f..ecb4e5a8f7072c52effe4606b7406190a2dd7787 100644 (file)
--- a/Lib/posixpath.py
+++ b/Lib/posixpath.py
@@ -18,7 +18,7 @@ pardir = '..'
  extsep = '.'
  sep = '/'
  pathsep = ':'
-defpath = ':/bin:/usr/bin'
+defpath = '/bin:/usr/bin'
  altsep = None
  devnull = '/dev/null'
  
diff --git a/Misc/NEWS.d/next/Security/2019-01-17-10-03-48.bpo-35755.GmllIs.rst b/Misc/NEWS.d/next/Security/2019-01-17-10-03-48.bpo-35755.GmllIs.rst

new file mode 100644 (file)

index 0000000..959aafd
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2019-01-17-10-03-48.bpo-35755.GmllIs.rst
@@ -0,0 +1,5 @@
+:func:`shutil.which` now uses ``os.confstr("CS_PATH")`` if available and if the
+:envvar:`PATH` environment variable is not set. Remove also the current
+directory from :data:`posixpath.defpath`. On Unix, :func:`shutil.which` and the
+:mod:`subprocess` module no longer search the executable in the current
+directory if the :envvar:`PATH` environment variable is not set.
author	Victor Stinner <vstinner@redhat.com>
	Wed, 17 Apr 2019 15:05:30 +0000 (17:05 +0200)
committer	GitHub <noreply@github.com>
	Wed, 17 Apr 2019 15:05:30 +0000 (17:05 +0200)
Lib/posixpath.py		patch \| blob \| history
Misc/NEWS.d/next/Security/2019-01-17-10-03-48.bpo-35755.GmllIs.rst	[new file with mode: 0644]	patch \| blob