* Radon Rosborough <[email protected]>, 2017-05-20, 14:29:
I would have thought that "#!/usr/bin/env sh" runs the risk of picking up a
malicious sh executable injected into the user's PATH.
That's certainly a valid concern. Does this happen in the real world? I feel
like if you have a malicious sh executable on your PATH, you're going to have
a lot more problems than just from virtualenv.
Right. It's safe to assume that all elements of PATH are trusted. If they're
not, all bets are off.
That said, I'm surprised that "#!/usr/bin/env sh" was proposed instead of the
more conventional "#!/bin/sh". I don't really see any advantages of the former.
--
Jakub Wilk
_______________________________________________
Distutils-SIG maillist - [email protected]
https://mail.python.org/mailman/listinfo/distutils-sig
