[glib] Clarify g_spawn_*() behaviour without full path

[Matthias Clasen <matthiasc src gnome org>]

commit 1435db48baff185660650d46992f1a290a803b9d
Author: Martin Pitt <martin pitt ubuntu com>
Date:   Wed Aug 17 08:57:15 2011 +0200

    Clarify g_spawn_*() behaviour without full path
    
    Document the previously uncovered case of calling g_spawn_async_with_pipes()
    without a full path but no G_SPAWN_SEARCH_PATH. This runs programs from the
    current directory, which might be unexpected and even dangerous in some corner
    cases.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=656621

 glib/gspawn.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)
---
diff --git a/glib/gspawn.c b/glib/gspawn.c
index ef1e0e8..3aa6a9b 100644
--- a/glib/gspawn.c
+++ b/glib/gspawn.c
@@ -482,6 +482,10 @@ g_spawn_sync (const gchar          *working_directory,
  * course the name of the program to execute. By default, the name of
  * the program must be a full path; the <envar>PATH</envar> shell variable 
  * will only be searched if you pass the %G_SPAWN_SEARCH_PATH flag.
+ * If the program name is not a full path and %G_SPAWN_SEARCH_PATH flag is not
+ * used, then the program will be run from the current directory (or
+ * %working_directory, if specified); this might be unexpected or even
+ * dangerous in some cases when the current directory is world-writable.
  *
  * On Windows, note that all the string or string vector arguments to
  * this function and the other g_spawn*() functions are in UTF-8, the