From: Andrew M. Kuchling <amk@amk.ca>
Date: Fri, 11 Jun 2010 00:16:08 +0000 (+0000)
Subject: #5753: update demo.c to use PySys_SetArgvEx(), and add a comment
X-Git-Tag: v2.7rc2~40
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=de0aeaa432a3767835c5daecf10872a159ae415f;p=python

#5753: update demo.c to use PySys_SetArgvEx(), and add a comment
---

diff --git a/Demo/embed/demo.c b/Demo/embed/demo.c
index 55bc8087d6..00c5a0e66e 100644
--- a/Demo/embed/demo.c
+++ b/Demo/embed/demo.c
@@ -16,10 +16,19 @@ main(int argc, char **argv)
     initxyzzy();
 
     /* Define sys.argv.  It is up to the application if you
-       want this; you can also let it undefined (since the Python
+       want this; you can also leave it undefined (since the Python
        code is generally not a main program it has no business
-       touching sys.argv...) */
-    PySys_SetArgv(argc, argv);
+       touching sys.argv...) 
+
+       If the third argument is true, sys.path is modified to include
+       either the directory containing the script named by argv[0], or
+       the current working directory.  This can be risky; if you run
+       an application embedding Python in a directory controlled by
+       someone else, attackers could put a Trojan-horse module in the
+       directory (say, a file named os.py) that your application would
+       then import and run.
+    */
+    PySys_SetArgvEx(argc, argv, 0);
 
     /* Do some application specific code */
     printf("Hello, brave new world\n\n");