| Commit message (Collapse) | Author | Age | Files | Lines |
| |
[#636769] Fix for major rexec bugs
* Lib/rexec.py
(FileBase): Added 'xreadlines' and '__iter__' to allowed file methods.
(FileWrapper.__init__): Removed unnecessary self.f variable, which gave
direct access to the file object.
(RExec): Added 'xreadlines' and '_weakref' to allowed modules.
(RExec.r_open): Convert string subclasses to real string classes
before doing comparisons with mode parameter.
* Lib/ihooks.py
(BasicModuleImporter.import_module/reload/unload): Convert the module
name to a real string before working with it.
(ModuleImporter.import_module/import_it/reload): Convert the module
name to a real string before working with it.
* Misc/NEWS
Document the change.
| |
getrefcount(), maxunicode, and version_info.
| |
Bug fix candidate.
| |
Using the suggestion there: add_module() forces __builtin__ back; this
fixes r_exec, r_eval, r_execfile. The interactive console had to be
fixed separately, because it doesn't use r_exec, but relies on the
'locals' dict having the right __builtins__. Fixed this by
subclassing InteractiveConsole and overriding runcode(), which does
the exec. This changes the banner output slightly: instead of
starting with *** RESTRICTED ***, a subtler (RestrictedConsole) is
printed before the first >>> prompt.
Also import readline (if it exists) when the interactive console is
used, for more convenient input editing and history.
This does not mean that rexec is now considered safe! But for those
willing to take the risk, it's safer than before. (Note that a safety
analysis of the code module would be wise if you plan to use the
interactive console for real -- I've only ever used it to play with
restricted mode.)
This should be backported to 2.2 and 2.1.
| |
when it can.
| |
code.InteractiveConsole to do a much better job.
| |
If a rexec instance allows writing in the current directory (a common
thing to do), there's a way to execute bogus bytecode. Fix this by
not allowing imports from .pyc files (in a way that allows a site to
configure things so that .pyc files *are* allowed, if writing is not
allowed).
I'll apply this to 2.2 and 2.1 too.
| |
not updated after 2.2).
| |
just by doing type(f) where f is any file object. This left a hole in
restricted execution mode that rexec.py can't plug by itself (although it
can plug part of it; the rest is plugged in fileobject.c now).
| |
Update greeting message to avoid the long copyright notice.
| |
are now allowed by ok_builtin_modules. This effectively backs out
revision 1.26.
This closes SF bug #448546.
| |
also modified check_all function to suppress all warnings since they aren't
relevant to what this test is doing (allows quiet checking of regsub, for
instance)
| |
to.
| |
only there to override reload() in a way that doesn't make a whole lot
of sense and moreover broke since the latest changes in ihooks.
| |
(2) Made the test script a bit fancier -- you can now use it to run
arbitrary scripts in restricted mode, and it will do the right thing.
(The interactive mode is still pretty lame; should integrate this with
code.interact().)
| |
should never be called, so this isn't really needed, but this
signifies that rexec now supports packages -- because ihooks does.
| |
cPickle-compatible pickle, and pickle must be importable in restricted
mode. I guess I'll have to make marshal safe.
| |
unmarshalling code is actually rather naive and can easily be
caused to crash by feeding it invalid data. This should be fixed in
the marshal module, but I don't have the time to fix it now :-(
| |
builtin_module_names are always tuples.
| |
2. New trusted built-in modules cmath, errno, operator, parser.
3. Corrected bogus s_apply() -- the new one actually works (reported by AMK).
| |
Use keyword arg to set verbose flag in test func.
|
| |
Change RHooks() interface to not require a 'rexec' instance argument;
added set_rexec() method instead (which must be called by the RExec
instance using this RHooks instance).
Support dynamic loading of modules, at least for those modules that
are ok built-in modules. Added new interfaces set_trusted_path() and
load_dynamic() to RExec class (the default trusted path consists of
all absolute pathnames in sys.path).
Change copy_except() to actually try to delete the exceptions.