Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Address SF bug #577530: del __builtins__ breaks out of rexec | Guido van Rossum | 2002-09-15 | 1 | -8/+12 |
| | | | | | | | | | | | | | | | | | | | | | | Using the suggestion there: add_module() forces __builtin__ back; this fixes r_exec, r_eval, r_execfile. The interactive console had to be fixed separately, because it doesn't use r_exec, but relies on the 'locals' dict having the right __builtins__. Fixed this by subclassing InteractiveConsole and overriding runcode(), which does the exec. This changes the banner output slightly: instead of starting with *** RESTRICTED ***, a subtler (RestrictedConsole) is printed before the first >>> prompt. Also import readline (if it exists) when the interactive console is used, for more convenient input editing and history. This does not mean that rexec is now considered safe! But for those willing to take the risk, it's safer than before. (Note that a safety analysis of the code module would be wise if you plan to use the interactive console for real -- I've only ever used it to play with restricted mode.) This should be backported to 2.2 and 2.1. | ||||
* | Use code.interact(), which is even simpler, *and* imports readline | Guido van Rossum | 2002-06-14 | 1 | -3/+3 |
| | | | | when it can. | ||||
* | Don't poorly emulate the interactive interpreter, use | Guido van Rossum | 2002-06-14 | 1 | -19/+9 |
| | | | | code.InteractiveConsole to do a much better job. | ||||
* | SF 563203. Replaced 'has_key()' with 'in'. | Raymond Hettinger | 2002-06-01 | 1 | -2/+2 |
| | |||||
* | SF bug 533625 (Armin Rigo). rexec: potential security hole | Guido van Rossum | 2002-05-31 | 1 | -1/+11 |
| | | | | | | | | | | If a rexec instance allows writing in the current directory (a common thing to do), there's a way to execute bogus bytecode. Fix this by not allowing imports from .pyc files (in a way that allows a site to configure things so that .pyc files *are* allowed, if writing is not allowed). I'll apply this to 2.2 and 2.1 too. | ||||
* | Move statement out of comment block | Raymond Hettinger | 2002-05-30 | 1 | -1/+1 |
| | |||||
* | Patch 560023 adding docstrings. 2.2 Candidate (after verifying modules were ↵ | Raymond Hettinger | 2002-05-29 | 1 | -1/+160 |
| | | | | not updated after 2.2). | ||||
* | Ignore execfile() return value; reported by Neal Norwitz. | Fred Drake | 2001-10-13 | 1 | -1/+1 |
| | |||||
* | Now that file objects are subclassable, you can get at the file constructor | Tim Peters | 2001-09-13 | 1 | -2/+2 |
| | | | | | | just by doing type(f) where f is any file object. This left a hole in restricted execution mode that rexec.py can't plug by itself (although it can plug part of it; the rest is plugged in fileobject.c now). | ||||
* | Remove redundant import (PyChecker). | Guido van Rossum | 2001-08-13 | 1 | -2/+4 |
| | | | | Update greeting message to avoid the long copyright notice. | ||||
* | Remove make_re() function; this is no longer needed since _sre and pcre | Fred Drake | 2001-08-07 | 1 | -10/+0 |
| | | | | | | | are now allowed by ok_builtin_modules. This effectively backs out revision 1.26. This closes SF bug #448546. | ||||
* | Add sha and _sre to the list of allowed built-in modules. | Fred Drake | 2001-06-22 | 1 | -1/+1 |
| | |||||
* | Fix SF bug #433904 (Alex Martelli) - all s_* methods return None only. | Guido van Rossum | 2001-06-18 | 1 | -6/+7 |
| | |||||
* | bunch more __all__ lists | Skip Montanaro | 2001-02-15 | 1 | -0/+1 |
| | | | | | | also modified check_all function to suppress all warnings since they aren't relevant to what this test is doing (allows quiet checking of regsub, for instance) | ||||
* | Whitespace normalization. | Tim Peters | 2001-01-15 | 1 | -11/+11 |
| | |||||
* | Add support for "import re" -- it uses pre, but user code does not need | Fred Drake | 2000-10-05 | 1 | -0/+10 |
| | | | | to. | ||||
* | Get rid of the classes RModuleLoader and RModuleImporter -- these were | Guido van Rossum | 1998-09-21 | 1 | -16/+3 |
| | | | | | only there to override reload() in a way that doesn't make a whole lot of sense and moreover broke since the latest changes in ihooks. | ||||
* | (1) Added a sys.exc_info() emulation. (It returns None for the traceback.) | Guido van Rossum | 1998-07-09 | 1 | -15/+57 |
| | | | | | | | (2) Made the test script a bit fancier -- you can now use it to run arbitrary scripts in restricted mode, and it will do the right thing. (The interactive mode is still pretty lame; should integrate this with code.interact().) | ||||
* | For completeness, add a dummy load_package() method to RHooks. It | Guido van Rossum | 1998-06-29 | 1 | -0/+1 |
| | | | | | should never be called, so this isn't really needed, but this signifies that rexec now supports packages -- because ihooks does. | ||||
* | Add the __doc__ string from the original module on copy_none(). | Guido van Rossum | 1998-06-09 | 1 | -1/+3 |
| | |||||
* | A few lines were indented using tabs instead of spaces -- fix them. | Guido van Rossum | 1998-03-26 | 1 | -178/+178 |
| | |||||
* | Add pcre to the list of safe modules. | Guido van Rossum | 1997-10-22 | 1 | -1/+1 |
| | |||||
* | Alas, I have to restore 'marshal', since it is needed by the new | Guido van Rossum | 1997-04-25 | 1 | -2/+1 |
| | | | | | cPickle-compatible pickle, and pickle must be importable in restricted mode. I guess I'll have to make marshal safe. | ||||
* | Removed 'marshal' from the list of "ok" built-in functions -- the | Guido van Rossum | 1997-03-21 | 1 | -1/+1 |
| | | | | | | unmarshalling code is actually rather naive and can easily be caused to crash by feeding it invalid data. This should be fixed in the marshal module, but I don't have the time to fix it now :-( | ||||
* | Make sure ok_builtin_modules, ok_dynamic_modules and | Guido van Rossum | 1996-12-12 | 1 | -4/+4 |
| | | | | builtin_module_names are always tuples. | ||||
* | Don't mix stdout/stderr. | Guido van Rossum | 1996-10-02 | 1 | -2/+2 |
| | |||||
* | Don't die if an ok file method (e.g. fileno) doesn't exist. | Guido van Rossum | 1996-09-30 | 1 | -1/+1 |
| | |||||
* | 1. Correct typo in FileWrapper.close() (fix by AMK). | Guido van Rossum | 1996-09-25 | 1 | -6/+10 |
| | | | | | 2. New trusted built-in modules cmath, errno, operator, parser. 3. Corrected bogus s_apply() -- the new one actually works (reported by AMK). | ||||
* | delattr() can raise AttributeError, not KeyError. | Guido van Rossum | 1996-08-20 | 1 | -2/+2 |
| | | | | Use keyword arg to set verbose flag in test func. | ||||
* | Fixed restore_files(); added reset_files(); made these more flexible. | Guido van Rossum | 1996-06-28 | 1 | -8/+31 |
| | |||||
* | fix typo in load_dynamic | Guido van Rossum | 1996-05-28 | 1 | -1/+1 |
| | |||||
* | Fix some obsolete names comments. | Guido van Rossum | 1996-05-28 | 1 | -12/+53 |
| | | | | | | | | | | | | | Change RHooks() interface to not require a 'rexec' instance argument; added set_rexec() method instead (which must be called by the RExec instance using this RHooks instance). Support dynamic loading of modules, at least for those modules that are ok built-in modules. Added new interfaces set_trusted_path() and load_dynamic() to RExec class (the default trusted path consists of all absolute pathnames in sys.path). Change copy_except() to actually try to delete the exceptions. | ||||
* | make sure the path ends in a slash in reload() | Guido van Rossum | 1995-08-11 | 1 | -1/+1 |
| | |||||
* | fix reload use of __filename__ | Guido van Rossum | 1995-08-10 | 1 | -1/+2 |
| | |||||
* | add module binascii; add r_unload/s_unload; don't change 'rb' to 'r' in open | Guido van Rossum | 1995-08-09 | 1 | -2/+9 |
| | |||||
* | added sys.std files, read-only open, reload | Guido van Rossum | 1995-08-07 | 1 | -3/+104 |
| | |||||
* | new package support, import hooks, restricted execution support | Guido van Rossum | 1995-08-04 | 1 | -164/+197 |
| | |||||
* | use imp.new_module(), not new.module(); and /usr/local | Guido van Rossum | 1995-06-22 | 1 | -4/+4 |
| | |||||
* | allow safe_import to be called with up to 4 args and check for . in name | Guido van Rossum | 1995-03-02 | 1 | -1/+3 |
| | |||||
* | evolution | Guido van Rossum | 1995-01-17 | 1 | -16/+4 |
| | |||||
* | new files | Guido van Rossum | 1995-01-12 | 1 | -0/+184 |