which-pkg-broke: Enforce POSIX ("C") locale without resetting $PATH
Closes: #883889
Explanation for the commit by committer Axel Beckert after
explanations by commit-author Jakub Wilk:
Resetting all environment variables and hence also $PATH causes Python
to set its default search path which includes the current directory.
Including the current directory in $PATH is nowadays considered a a
security issue.
See also https://bugs.python.org/issue26414
Jakub Wilk authored 6 years ago
Axel Beckert committed 5 years ago
| 8 | 8 | from string import * |
| 9 | 9 | from stat import * |
| 10 | 10 | |
| 11 | def force_posix_locale(): | |
| 12 | os.environ['LC_ALL'] = 'C' | |
| 13 | ||
| 11 | 14 | def pkgdeps(pkgs): |
| 12 | 15 | apt_cache = subprocess.Popen( |
| 13 | 16 | ['apt-cache', 'depends', *pkgs], |
| 14 | 17 | stdout=subprocess.PIPE, stderr=subprocess.STDOUT, |
| 15 | 18 | universal_newlines=True, |
| 16 | env={} # force POSIX locale | |
| 19 | preexec_fn=force_posix_locale, | |
| 17 | 20 | ) |
| 18 | 21 | deps = [] |
| 19 | 22 | for myline in apt_cache.stdout: |
| 41 | 44 | ['dpkg', '--print-architecture'], |
| 42 | 45 | stdout=subprocess.PIPE, stderr=subprocess.STDOUT, |
| 43 | 46 | universal_newlines=True, |
| 44 | env={} # force POSIX locale | |
| 47 | preexec_fn=force_posix_locale, | |
| 45 | 48 | ) |
| 46 | 49 | for arch in dpkg_arch.stdout.readlines(): |
| 47 | 50 | architectures.append(arch.rstrip()) |
| 51 | 54 | ['dpkg', '--print-foreign-architecture'], |
| 52 | 55 | stdout=subprocess.PIPE, stderr=subprocess.STDOUT, |
| 53 | 56 | universal_newlines=True, |
| 54 | env={} # force POSIX locale | |
| 57 | preexec_fn=force_posix_locale, | |
| 55 | 58 | ) |
| 56 | 59 | for arch in dpkg_archs.stdout.readlines(): |
| 57 | 60 | architectures.append(arch.rstrip()) |