Commit Graph

46 Commits

Author SHA1 Message Date
Gustavo Niemeyer d5ae01a803 Applying patch
[#636769] Fix for major rexec bugs

* Lib/rexec.py
  (FileBase): Added 'xreadlines' and '__iter__' to allowed file methods.
  (FileWrapper.__init__): Removed unnecessary self.f variable, which gave
  direct access to the file object.
  (RExec): Added 'xreadlines' and '_weakref' to allowed modules.
  (RExec.r_open): Convert string subclasses to a real string classes
  before doing comparisons with mode parameter.

* Lib/ihooks.py
  (BasicModuleImporter.import_module/reload/unload): Convert the module
  name to a real string before working with it.
  (ModuleImporter.import_module/import_it/reload): Convert the module
  name to a real strings before working with it.

* Misc/NEWS
  Document the change.
2002-12-16 13:11:57 +00:00
Fred Drake a0f453b2b1 Allow restricted code to get byteorder, getdefaultencoding(),
getrefcount(), maxunicode, and version_info.
2002-10-11 16:20:45 +00:00
Jeremy Hylton 83d0fd2fd1 Trying alphabet again 2002-10-11 16:05:07 +00:00
Jeremy Hylton a325c42b2d Sort names alphabetically. 2002-10-11 15:55:17 +00:00
Jeremy Hylton 69dc0c5bf5 Add hexversion to list of safe sys names (SF bug 621447).
Bug fix candidate.
2002-10-11 15:51:29 +00:00
Guido van Rossum 7f7c3d0a9c Address SF bug #577530: del __builtins__ breaks out of rexec
Using the suggestion there: add_module() forces __builtin__ back; this
fixes r_exec, r_eval, r_execfile.  The interactive console had to be
fixed separately, because it doesn't use r_exec, but relies on the
'locals' dict having the right __builtins__.  Fixed this by
subclassing InteractiveConsole and overriding runcode(), which does
the exec.  This changes the banner output slightly: instead of
starting with *** RESTRICTED ***, a subtler (RestrictedConsole) is
printed before the first >>> prompt.

Also import readline (if it exists) when the interactive console is
used, for more convenient input editing and history.

This does not mean that rexec is now considered safe!  But for those
willing to take the risk, it's safer than before.  (Note that a safety
analysis of the code module would be wise if you plan to use the
interactive console for real -- I've only ever used it to play with
restricted mode.)

This should be backported to 2.2 and 2.1.
2002-09-15 06:00:43 +00:00
Guido van Rossum da07ea7282 Use code.interact(), which is even simpler, *and* imports readline
when it can.
2002-06-14 13:54:26 +00:00
Guido van Rossum 2aabac8276 Don't poorly emulate the interactive interpreter, use
code.InteractiveConsole to do a much better job.
2002-06-14 13:48:25 +00:00
Raymond Hettinger 54f0222547 SF 563203. Replaced 'has_key()' with 'in'. 2002-06-01 14:18:47 +00:00
Guido van Rossum 59b2a74c75 SF bug 533625 (Armin Rigo). rexec: potential security hole
If a rexec instance allows writing in the current directory (a common
thing to do), there's a way to execute bogus bytecode.  Fix this by
not allowing imports from .pyc files (in a way that allows a site to
configure things so that .pyc files *are* allowed, if writing is not
allowed).

I'll apply this to 2.2 and 2.1 too.
2002-05-31 21:12:53 +00:00
Raymond Hettinger 1dbe6c0728 Move statement out of comment block 2002-05-30 00:06:01 +00:00
Raymond Hettinger aef22fb9cd Patch 560023 adding docstrings. 2.2 Candidate (after verifying modules were not updated after 2.2). 2002-05-29 16:18:42 +00:00
Fred Drake f902296a18 Ignore execfile() return value; reported by Neal Norwitz. 2001-10-13 18:34:42 +00:00
Tim Peters 8fa45677c1 Now that file objects are subclassable, you can get at the file constructor
just by doing type(f) where f is any file object.  This left a hole in
restricted execution mode that rexec.py can't plug by itself (although it
can plug part of it; the rest is plugged in fileobject.c now).
2001-09-13 21:01:29 +00:00
Guido van Rossum 97dbec97bc Remove redundant import (PyChecker).
Update greeting message to avoid the long copyright notice.
2001-08-13 15:58:26 +00:00
Fred Drake 56b5fdd295 Remove make_re() function; this is no longer needed since _sre and pcre
are now allowed by ok_builtin_modules.  This effectively backs out
revision 1.26.

This closes SF bug #448546.
2001-08-07 19:49:15 +00:00
Fred Drake a2d848e99c Add sha and _sre to the list of allowed built-in modules. 2001-06-22 18:19:16 +00:00
Guido van Rossum 183a2f2437 Fix SF bug #433904 (Alex Martelli) - all s_* methods return None only. 2001-06-18 12:33:36 +00:00
Skip Montanaro 0de65807e6 bunch more __all__ lists
also modified check_all function to suppress all warnings since they aren't
relevant to what this test is doing (allows quiet checking of regsub, for
instance)
2001-02-15 22:15:14 +00:00
Tim Peters 0c9886d589 Whitespace normalization. 2001-01-15 01:18:21 +00:00
Fred Drake 034c2a9f7a Add support for "import re" -- it uses pre, but user code does not need
to.
2000-10-05 20:42:44 +00:00
Guido van Rossum f07029e4ba Get rid of the classes RModuleLoader and RModuleImporter -- these were
only there to override reload() in a way that doesn't make a whole lot
of sense and moreover broke since the latest changes in ihooks.
1998-09-21 14:53:26 +00:00
Guido van Rossum eeb64287f1 (1) Added a sys.exc_info() emulation. (It returns None for the traceback.)
(2) Made the test script a bit fancier -- you can now use it to run
arbitrary scripts in restricted mode, and it will do the right thing.
(The interactive mode is still pretty lame; should integrate this with
code.interact().)
1998-07-09 13:52:38 +00:00
Guido van Rossum 8b3282be9f For completeness, add a dummy load_package() method to RHooks. It
should never be called, so this isn't really needed, but this
signifies that rexec now supports packages -- because ihooks does.
1998-06-29 20:32:57 +00:00
Guido van Rossum 1f40cd6314 Add the __doc__ string from the original module on copy_none(). 1998-06-09 21:33:44 +00:00
Guido van Rossum 3ec38f0ee4 A few lines were indented using tabs instead of spaces -- fix them. 1998-03-26 22:10:50 +00:00
Guido van Rossum 426916e50e Add pcre to the list of safe modules. 1997-10-22 20:56:32 +00:00
Guido van Rossum faeae5cd78 Alas, I have to restore 'marshal', since it is needed by the new
cPickle-compatible pickle, and pickle must be importable in restricted
mode.  I guess I'll have to make marshal safe.
1997-04-25 19:10:15 +00:00
Guido van Rossum 3ee6b195bb Removed 'marshal' from the list of "ok" built-in functions -- the
unmarshalling code is actually rather naive and can easily be
caused to crash by feeding it invalid data.  This should be fixed in
the marshal module, but I don't have the time to fix it now :-(
1997-03-21 21:18:16 +00:00
Guido van Rossum 32616fbee6 Make sure ok_builtin_modules, ok_dynamic_modules and
builtin_module_names are always tuples.
1996-12-12 21:31:52 +00:00
Guido van Rossum fe779a1dc8 Don't mix stdout/stderr. 1996-10-02 14:57:28 +00:00
Guido van Rossum dfd9cb1e12 Don't die if an ok file method (e.g. fileno) doesn't exist. 1996-09-30 18:50:44 +00:00
Guido van Rossum e7b9fde1b8 1. Correct typo in FileWrapper.close() (fix by AMK).
2. New trusted built-in modules cmath, errno, operator, parser.
3. Corrected bogus s_apply() -- the new one actually works (reported by AMK).
1996-09-25 18:47:39 +00:00
Guido van Rossum 63f0cf0840 delattr() can raise AttributeError, not KeyError.
Use keyword arg to set verbose flag in test func.
1996-08-20 20:25:08 +00:00
Guido van Rossum cd6aab91a5 Fixed restore_files(); added reset_files(); made these more flexible. 1996-06-28 17:28:51 +00:00
Guido van Rossum 3ada87a508 fix typo in load_dynamic 1996-05-28 23:34:10 +00:00
Guido van Rossum fdd45cb858 Fix some obsolete names comments.
Change RHooks() interface to not require a 'rexec' instance argument;
added set_rexec() method instead (which must be called by the RExec
instance using this RHooks instance).

Support dynamic loading of modules, at least for those modules that
are ok built-in modules.  Added new interfaces set_trusted_path() and
load_dynamic() to RExec class (the default trusted path consists of
all absolute pathnames in sys.path).

Change copy_except() to actually try to delete the exceptions.
1996-05-28 23:07:17 +00:00
Guido van Rossum 1035a892a1 make sure the path ends in a slash in reload() 1995-08-11 13:56:04 +00:00
Guido van Rossum 1859600357 fix reload use of __filename__ 1995-08-10 19:40:39 +00:00
Guido van Rossum bebe5157a5 add module binascii; add r_unload/s_unload; don't change 'rb' to 'r' in open 1995-08-09 02:32:08 +00:00
Guido van Rossum 1383356039 added sys.std files, read-only open, reload 1995-08-07 20:19:27 +00:00
Guido van Rossum 40d1ea3b9c new package support, import hooks, restricted execution support 1995-08-04 03:59:03 +00:00
Guido van Rossum b47281539a use imp.new_module(), not new.module(); and /usr/local 1995-06-22 18:55:10 +00:00
Guido van Rossum b5f9460556 allow safe_import to be called with up to 4 args and check for . in name 1995-03-02 15:30:15 +00:00
Guido van Rossum 8e8a525f22 evolution 1995-01-17 15:58:37 +00:00
Guido van Rossum 9a22de101f new files 1995-01-12 12:29:47 +00:00