| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Address SF bug #577530: del __builtins__ breaks out of rexec
Using the suggestion there: add_module() forces __builtin__ back; this
fixes r_exec, r_eval, r_execfile.
This does not mean that rexec is now considered safe! But for those
willing to take the risk, it's safer than before. (Note that a safety
analysis of the code module would be wise if you plan to use the
interactive console for real -- I've only ever used it to play with
restricted mode.)
|
| |
|
|
|
|
|
|
|
|
| |
SF bug 533625 (Armin Rigo). rexec: potential security hole
If a rexec instance allows writing in the current directory (a common
thing to do), there's a way to execute bogus bytecode. Fix this by
not allowing imports from .pyc files (in a way that allows a site to
configure things so that .pyc files *are* allowed, if writing is not
allowed).
|
| |
|
|
| |
Fix SF bug #433904 (Alex Martelli) - all s_* methods return None only.
|
| |
|
|
|
|
| |
also modified check_all function to suppress all warnings since they aren't
relevant to what this test is doing (allows quiet checking of regsub, for
instance)
|
| | |
|
| |
|
|
| |
to.
|
| |
|
|
|
| |
only there to override reload() in a way that doesn't make a whole lot
of sense and moreover broke since the latest changes in ihooks.
|
| |
|
|
|
|
|
| |
(2) Made the test script a bit fancier -- you can now use it to run
arbitrary scripts in restricted mode, and it will do the right thing.
(The interactive mode is still pretty lame; should integrate this with
code.interact().)
|
| |
|
|
|
| |
should never be called, so this isn't really needed, but this
signifies that rexec now supports packages -- because ihooks does.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
cPickle-compatible pickle, and pickle must be importable in restricted
mode. I guess I'll have to make marshal safe.
|
| |
|
|
|
|
| |
unmarshalling code is actually rather naive and can easily be
caused to crash by feeding it invalid data. This should be fixed in
the marshal module, but I don't have the time to fix it now :-(
|
| |
|
|
| |
builtin_module_names are always tuples.
|
| | |
|
| | |
|
| |
|
|
|
| |
2. New trusted built-in modules cmath, errno, operator, parser.
3. Corrected bogus s_apply() -- the new one actually works (reported by AMK).
|
| |
|
|
| |
Use keyword arg to set verbose flag in test func.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Change RHooks() interface to not require a 'rexec' instance argument;
added set_rexec() method instead (which must be called by the RExec
instance using this RHooks instance).
Support dynamic loading of modules, at least for those modules that
are ok built-in modules. Added new interfaces set_trusted_path() and
load_dynamic() to RExec class (the default trusted path consists of
all absolute pathnames in sys.path).
Change copy_except() to actually try to delete the exceptions.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
