Python flag/envvar to not put current directory on sys.path (but don't ignore PYTHONPATH) (original) (raw)

May 20, 2020, 2:26pm 2

Another option is to no longer add the current directory to sys.path by default. It was discussed a few times.

• In 2017, my attempt when Perl did exactly that: https://mail.python.org/pipermail/python-ideas/2017-June/045842.html
• 2009, python-dev: https://mail.python.org/pipermail/python-dev/2009-August/091360.html
• 2009, CVE-2008-5983 python: untrusted python modules search path: https://bugs.python.org/issue5753
• My notes on sys.path: https://python-security.readthedocs.io/security.html#module-search-path-sys-path
• 2018, Avoid adding an empty directory to sys.path when running a module with -m: https://bugs.python.org/issue33053
• 2012: https://bugs.python.org/issue16202
• etc.