GNU bug report logs - #19540
minor: module path picking up ./././...

Previous Next

Package: guile;

Reported by: Matt Wette <mwette <at> alumni.caltech.edu>

Date: Fri, 9 Jan 2015 04:14:01 UTC

Severity: normal

Done: Andy Wingo <wingo <at> pobox.com>

Bug is archived. No further changes may be made.

Full log

Message #17 received at 19540 <at> debbugs.gnu.org (full text, mbox):

From: Matt Wette <mwette <at> alumni.caltech.edu>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 19540 <at> debbugs.gnu.org
Subject: Re: bug#19540: repeated ./././ in compiled modules
Date: Mon, 19 Jan 2015 14:19:22 -0800

[Message part 1 (text/plain, inline)]
Absolute paths work.  But this is really unsatisfactory IMO.  I develop code in modules and do so in many directories.  It would be quite painful to just use absolute paths.

I don't see what the big security thread is.   If really a problem, why does guile allow relative paths?

For comparison, Python will load modules in the current directory.

Nonetheless, I think "." is breaking the traceback with the "./" being added on reload.  When I was using "." I wasn't getting file, line information in tracebacks.  Now, without GUILE_LOAD_PATH set to ":$HOME/opt/guile" I get traceback info for modules in my current directory.

I think the following may be a candidate fix?

code is from guile-2.0.11, in file boot-9.scm, near line 1683:

(define (in-vicinity vicinity file)
  (let ((tail (let ((len (string-length vicinity)))
                (if (zero? len)
                    #f
                    (string-ref vicinity (- len 1))))))
    (string-append vicinity
                   (if (or (not tail) (file-name-separator? tail))
                       ""
                       file-name-separator-string)
                   file)))
;; FIX?
(define (new-in-vicinity vicinity file)
  (let ((tail (let ((len (string-length vicinity)))
                (if (or (zero? len) (string=? "." vicinity))
                    #f
                    (string-ref vicinity (- len 1))))))
    (string-append vicinity
                   (if (or (not tail) (file-name-separator? tail))
                       ""
                       file-name-separator-string)
                   file)))


On Jan 19, 2015, at 12:28 PM, Ludovic Courtès <ludo <at> gnu.org> wrote:

> Matt Wette <mwette <at> alumni.caltech.edu> skribis:
> 
>> 1) I found that this problem persists across restarts of guile.  I have been debugging a module in current dir and I am seeing the path extend an extra "./" every time I type ",reload (lalr1).
>> 
>> 2) My environment includes
>>   GUILE_LOAD_PATH=.:/Users/mwette/opt/guile
> 
> The problem stems from the ‘.’ entry in the search path.  On one hand
> this is perfectly valid; on the other hand, it’s usually frowned upon,
> because you may end up executing possibly malicious code that just
> happens to be in $PWD.
> 
> All in all, I recommend using only absolute directory names in the
> search paths, which will also solve the initial problem.
> 
> Can you confirm?
> 
> Thanks,
> Ludo’.


[Message part 2 (text/html, inline)]
This bug report was last modified 8 years and 330 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.