Clarify g_spawn_*() behaviour without full path

Document the previously uncovered case of calling g_spawn_async_with_pipes()
without a full path but no G_SPAWN_SEARCH_PATH. This runs programs from the
current directory, which might be unexpected and even dangerous in some corner
cases.

https://bugzilla.gnome.org/show_bug.cgi?id=656621

diff --git a/glib/gspawn.c b/glib/gspawn.c
index ef1e0e8..3aa6a9b 100644 (file)
--- a/glib/gspawn.c
+++ b/glib/gspawn.c
@@ -482,6 +482,10 @@ g_spawn_sync (const gchar          *working_directory,
  * course the name of the program to execute. By default, the name of
  * the program must be a full path; the <envar>PATH</envar> shell variable 
  * will only be searched if you pass the %G_SPAWN_SEARCH_PATH flag.
+ * If the program name is not a full path and %G_SPAWN_SEARCH_PATH flag is not
+ * used, then the program will be run from the current directory (or
+ * %working_directory, if specified); this might be unexpected or even
+ * dangerous in some cases when the current directory is world-writable.
  *
  * On Windows, note that all the string or string vector arguments to
  * this function and the other g_spawn*() functions are in UTF-8, the