From de0aeaa432a3767835c5daecf10872a159ae415f Mon Sep 17 00:00:00 2001
From: "Andrew M. Kuchling" <amk@amk.ca>
Date: Fri, 11 Jun 2010 00:16:08 +0000
Subject: #5753: update demo.c to use PySys_SetArgvEx(), and add a comment

---
 Demo/embed/demo.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/Demo/embed/demo.c b/Demo/embed/demo.c
index 55bc808..00c5a0e 100644
--- a/Demo/embed/demo.c
+++ b/Demo/embed/demo.c
@@ -16,10 +16,19 @@ main(int argc, char **argv)
     initxyzzy();
 
     /* Define sys.argv.  It is up to the application if you
-       want this; you can also let it undefined (since the Python
+       want this; you can also leave it undefined (since the Python
        code is generally not a main program it has no business
-       touching sys.argv...) */
-    PySys_SetArgv(argc, argv);
+       touching sys.argv...) 
+
+       If the third argument is true, sys.path is modified to include
+       either the directory containing the script named by argv[0], or
+       the current working directory.  This can be risky; if you run
+       an application embedding Python in a directory controlled by
+       someone else, attackers could put a Trojan-horse module in the
+       directory (say, a file named os.py) that your application would
+       then import and run.
+    */
+    PySys_SetArgvEx(argc, argv, 0);
 
     /* Do some application specific code */
     printf("Hello, brave new world\n\n");
-- 
cgit v0.12