From 1435db48baff185660650d46992f1a290a803b9d Mon Sep 17 00:00:00 2001
From: Martin Pitt <martin.pitt@ubuntu.com>
Date: Wed, 17 Aug 2011 08:57:15 +0200
Subject: [PATCH] Clarify g_spawn_*() behaviour without full path

Document the previously uncovered case of calling g_spawn_async_with_pipes()
without a full path but no G_SPAWN_SEARCH_PATH. This runs programs from the
current directory, which might be unexpected and even dangerous in some corner
cases.

https://bugzilla.gnome.org/show_bug.cgi?id=656621
---
 glib/gspawn.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/glib/gspawn.c b/glib/gspawn.c
index ef1e0e883..3aa6a9be2 100644
--- a/glib/gspawn.c
+++ b/glib/gspawn.c
@@ -482,6 +482,10 @@ g_spawn_sync (const gchar          *working_directory,
  * course the name of the program to execute. By default, the name of
  * the program must be a full path; the <envar>PATH</envar> shell variable 
  * will only be searched if you pass the %G_SPAWN_SEARCH_PATH flag.
+ * If the program name is not a full path and %G_SPAWN_SEARCH_PATH flag is not
+ * used, then the program will be run from the current directory (or
+ * %working_directory, if specified); this might be unexpected or even
+ * dangerous in some cases when the current directory is world-writable.
  *
  * On Windows, note that all the string or string vector arguments to
  * this function and the other g_spawn*() functions are in UTF-8, the