Now that file objects are subclassable, you can get at the file constructor

just by doing type(f) where f is any file object. This left a hole in restricted execution mode that rexec.py can't plug by itself (although it can plug part of it; the rest is plugged in fileobject.c now).
author: Tim Peters <tim.peters@gmail.com> 2001-09-13 21:01:29 (GMT)
committer: Tim Peters <tim.peters@gmail.com> 2001-09-13 21:01:29 (GMT)
commit: 8fa45677c1833cc0d4ddaa57417c01ee8297eba8 (patch)
tree: e33c30313a1f60475f2e7b1e5db33901398398ab /Objects
parent: 561f899d198c74516f0911a415f2914af3890576 (diff)
download: cpython-8fa45677c1833cc0d4ddaa57417c01ee8297eba8.zip
cpython-8fa45677c1833cc0d4ddaa57417c01ee8297eba8.tar.gz
cpython-8fa45677c1833cc0d4ddaa57417c01ee8297eba8.tar.bz2
1 files changed, 8 insertions, 0 deletions
diff --git a/Objects/fileobject.c b/Objects/fileobject.c
index 3cadff5..b373024 100644
--- a/Objects/fileobject.c
+++ b/Objects/fileobject.c
@@ -92,6 +92,14 @@ open_the_file(PyFileObject *f, char *name, char *mode)
 	assert(name != NULL);
 	assert(mode != NULL);
 
+	/* rexec.py can't stop a user from getting the file() constructor --
+	   all they have to do is get *any* file object f, and then do
+	   type(f).  Here we prevent them from doing damage with it. */
+	if (PyEval_GetRestricted()) {
+		PyErr_SetString(PyExc_IOError,
+			"file() constructor not accessible in restricted mode");
+		return NULL;
+	}
 #ifdef HAVE_FOPENRF
 	if (*mode == '*') {
 		FILE *fopenRF();
author	Tim Peters <tim.peters@gmail.com>	2001-09-13 21:01:29 (GMT)
committer	Tim Peters <tim.peters@gmail.com>	2001-09-13 21:01:29 (GMT)
commit	8fa45677c1833cc0d4ddaa57417c01ee8297eba8 (patch)
tree	e33c30313a1f60475f2e7b1e5db33901398398ab /Objects
parent	561f899d198c74516f0911a415f2914af3890576 (diff)
download	cpython-8fa45677c1833cc0d4ddaa57417c01ee8297eba8.zip cpython-8fa45677c1833cc0d4ddaa57417c01ee8297eba8.tar.gz cpython-8fa45677c1833cc0d4ddaa57417c01ee8297eba8.tar.bz2