On 10/28/2015 10:10 AM, Peter Otten wrote:
> Terry Reedy wrote:
> 
> Thank you for your patience.
> 
>> Why do you think it a misfeature for IDLE to execute code the way Python
>> does?
> 
> Sadly I wasn't aware that the interactive interpreter is also vulnerable.
> I should have been, but failed to add one and one.
> 
> Until now I have often started python in a directory with unknown contents, 
> to use it as a calculator or to explore the files in that directory.
> 
> I will stop doing so.

I'm curious what behavior you would suggest?

In the case of the bare interactive interpreter, since there's no script
loaded, the current directory is added so you can import modules you are
working on.  I do this all the time to help with testing and development
of my projects' modules. This behavior makes perfect sense to me and I
don't see any other practical alternative that is useful, except for
some syntax that differentiates between "local" imports and system ones.
Not being able to easily import local modules would make the
interactive interpreter next to useless for me.

Given that this is only the behavior for interactive Python anyway, I
don't see this as a significant vulnerability. If a bad guy is littering
your working directories with malicious python programs you might
import, you've already lost. No amount of Python tweaks are going to
save you.
-- 
https://mail.python.org/mailman/listinfo/python-list
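The behaviour discussed in this thread can be checked directly rather than argued about. The following is an added example, not code from either poster: it starts a child interpreter the same way the bare prompt starts (with `-c`, which like the REPL prepends `''`, the current directory, to `sys.path`) inside a temporary directory that contains a decoy `statistics.py`, and then repeats the run with `-I` (isolated mode, CPython 3.4+), which leaves the current directory off `sys.path`. The decoy module, the module name and the `TAMPERED` flag are constructed for the demonstration; a real planted file would carry arbitrary code instead of a flag.

```python
"""Show that a module in the current directory shadows the standard library
when Python is started the way the interactive prompt is started, and that
isolated mode (-I) prevents it.

Added example for the thread above, not code from the original posts.
Assumes CPython 3.4 or later (for -I and for the `statistics` module).
`statistics.py` written below is a constructed, harmless decoy.
"""
import os
import subprocess
import sys
import tempfile

DECOY_NAME = "statistics"           # stdlib module a "calculator" user might import
DECOY_SOURCE = "TAMPERED = True\n"  # constructed decoy: sets a flag instead of doing harm

# Child-side probe: report whether the decoy was imported and what sys.path[0] is.
PROBE = (
    "import statistics, sys; "
    "print(getattr(statistics, 'TAMPERED', False), repr(sys.path[0]))"
)


def run_probe(isolated):
    """Start a child interpreter with the decoy in its working directory.

    `python -c` puts '' (the current directory) first in sys.path, exactly as
    the bare interactive prompt does, so `import statistics` resolves to the
    decoy.  `python -I` does not add the current directory, so the real
    stdlib module is imported instead.

    Returns (decoy_was_imported, repr_of_sys_path_0).
    """
    with tempfile.TemporaryDirectory() as cwd:
        with open(os.path.join(cwd, DECOY_NAME + ".py"), "w") as fh:
            fh.write(DECOY_SOURCE)
        args = [sys.executable]
        if isolated:
            args.append("-I")
        args += ["-c", PROBE]
        out = subprocess.run(
            args, cwd=cwd, capture_output=True, text=True, check=True
        ).stdout
        flag, path0 = out.strip().split(" ", 1)
        return flag == "True", path0


def cwd_importable():
    """True if the *running* interpreter would import modules from its cwd.

    Older interpreters record the current directory as '' and newer ones may
    record it as an absolute path, so both spellings are checked.
    """
    return "" in sys.path or os.getcwd() in sys.path


if __name__ == "__main__":
    for isolated in (False, True):
        hit, path0 = run_probe(isolated)
        mode = "python -I -c" if isolated else "python -c"
        print("%-12s sys.path[0]=%-30s decoy imported: %s" % (mode, path0, hit))
    print("this interpreter imports from cwd:", cwd_importable())
```

Running the block prints one line per mode: the plain run reports `sys.path[0]=''` and `decoy imported: True`, the `-I` run reports the real stdlib location and `False`. For the "calculator in an untrusted directory" use case from the quoted reply, `python -I` is the one-flag fix; on CPython 3.11 and later, `python -P` (or `PYTHONSAFEPATH=1`) drops only the current-directory entry while keeping the user site-packages and environment variables that `-I` also disables.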
