by JoshTriplett 4010 days ago
> Why is a relative path in the PYTHONPATH necessarily bad practice? It's not a rhetorical question, I am genuinely curious.

Among other things, what happens if your Python code changes its working directory, then subsequently tries to import a module? Consequences range from "doesn't work" to "introduces a security vulnerability by running arbitrary Python code from an untrusted directory".


Actually I don't believe that would happen. I think the relative PYTHONPATH gets expanded at startup and becomes an absolute path. Subsequent changes to the working directory wouldn't affect it.

That seems correct:

  /tmp $ PYTHONPATH='./test' /usr/bin/python -c 'import sys; print sys.path[:3]'
  ['', '/private/tmp/test', '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python27.zip']

Good to know, thanks.

It's still odd for software to only work when launched from a specific directory, but not necessarily a critical security vulnerability then.
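
Added example, not part of the thread: a Python 3 re-run of the check above that also changes directory afterwards. It shows the relative PYTHONPATH entry stored as an absolute path at startup, while the `''` entry that also appears in the output above is still resolved against the current directory at import time. The names `probe`, `cwd_dependent` and `marker_mod` are made up for this sketch.

```python
import json
import os
import subprocess
import sys
import tempfile

# Runs in a child interpreter: record sys.path, change directory, then ask the
# import system where a harmless marker module would be found (without importing it).
CHILD = """
import importlib.util, json, os, sys
startup_path = list(sys.path)
os.chdir(sys.argv[1])
spec = importlib.util.find_spec("marker_mod")
print(json.dumps({"path": startup_path, "origin": spec.origin if spec else None}))
"""


def cwd_dependent(entries):
    """Return the sys.path entries that are resolved against the working directory."""
    return [e for e in entries if e == "" or not os.path.isabs(e)]


def probe():
    """Start Python with PYTHONPATH=./test in one directory, then chdir to another."""
    with tempfile.TemporaryDirectory() as start, tempfile.TemporaryDirectory() as other:
        # Constructed sample module; it is only located, never executed.
        with open(os.path.join(other, "marker_mod.py"), "w") as f:
            f.write("VALUE = 1\n")
        env = dict(os.environ, PYTHONPATH="./test")
        env.pop("PYTHONSAFEPATH", None)  # 3.11+ switch that drops the '' entry
        out = subprocess.run(
            [sys.executable, "-c", CHILD, other],
            cwd=start, env=env, capture_output=True, text=True, check=True,
        ).stdout
        report = json.loads(out)
        report["start"] = os.path.realpath(start)
        report["other"] = os.path.realpath(other)
        return report


if __name__ == "__main__":
    r = probe()
    print("sys.path at startup:", r["path"][:3])
    print("cwd-dependent entries:", cwd_dependent(r["path"]))
    print("marker_mod resolves to:", r["origin"])
```

Running a service with `python -P` or `PYTHONSAFEPATH=1` (Python 3.11+), or with `-I`, removes the `''` entry that `cwd_dependent` flags.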