I got a second-hand report of a security problem with the way the
inferior interpreter works in my Python mode. There are patches to work
around it below for python-21.el (for Emacs 21) and python.el (for Emacs
22) as well as one which will apply against the forked mode from Emacs
22, although I wouldn't recommend using that version.

There's an explanation in the commentary added by the patch. I assume,
but don't know, that this is also appropriate for other systems like MS
Windows. I've only checked on GNU/Linux, and the Python documentation
says the module-loading behaviour is system-dependent.

The current versions of the mode are under
<URL:http://www.loveshack.ukfsn.org/emacs/>.
--- python-21.el 2008/02/23 14:38:13 1.59
+++ python-21.el 2008/09/10 09:59:25
@@ -1475,6 +1476,10 @@
default `python-command', or argument NEW is non-nil. See also the
documentation for `python-buffer'.
+Note that, as a security measure, modules won't be loaded from the
+current directory if this command is invoked initially in a
+world-writable directory.
+
Runs the hook `inferior-python-mode-hook'...
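Review bot: In the added docstring paragraph, "if this command is invoked initially in a world-writable directory" leaves two things unstated. It does not say which directory counts as current (presumably the invoking buffer's default directory, but that is an assumption), and it does not say whether the restriction lasts for the life of the interpreter or only reflects the directory at first start. A user who starts the interpreter elsewhere and later works in a world-writable directory cannot tell from this text whether they are covered. Suggest stating both explicitly, and adding a pointer to the file commentary for the reason, since the docstring only says "as a security measure" without naming the concern about modules being picked up from a directory other users can write to.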