Commit Graph

38 Commits

Author SHA1 Message Date
Raymond Hettinger 54f0222547 SF 563203. Replaced 'has_key()' with 'in'. 2002-06-01 14:18:47 +00:00
Guido van Rossum 59b2a74c75 SF bug 533625 (Armin Rigo). rexec: potential security hole
If a rexec instance allows writing in the current directory (a common
thing to do), there's a way to execute bogus bytecode.  Fix this by
not allowing imports from .pyc files (in a way that allows a site to
configure things so that .pyc files *are* allowed, if writing is not
allowed).

I'll apply this to 2.2 and 2.1 too.
2002-05-31 21:12:53 +00:00
Raymond Hettinger 1dbe6c0728 Move statement out of comment block 2002-05-30 00:06:01 +00:00
Raymond Hettinger aef22fb9cd Patch 560023 adding docstrings. 2.2 Candidate (after verifying modules were not updated after 2.2). 2002-05-29 16:18:42 +00:00
Fred Drake f902296a18 Ignore execfile() return value; reported by Neal Norwitz. 2001-10-13 18:34:42 +00:00
Tim Peters 8fa45677c1 Now that file objects are subclassable, you can get at the file constructor
just by doing type(f) where f is any file object.  This left a hole in
restricted execution mode that rexec.py can't plug by itself (although it
can plug part of it; the rest is plugged in fileobject.c now).
2001-09-13 21:01:29 +00:00
Guido van Rossum 97dbec97bc Remove redundant import (PyChecker).
Update greeting message to avoid the long copyright notice.
2001-08-13 15:58:26 +00:00
Fred Drake 56b5fdd295 Remove make_re() function; this is no longer needed since _sre and pcre
are now allowed by ok_builtin_modules.  This effectively backs out
revision 1.26.

This closes SF bug #448546.
2001-08-07 19:49:15 +00:00
Fred Drake a2d848e99c Add sha and _sre to the list of allowed built-in modules. 2001-06-22 18:19:16 +00:00
Guido van Rossum 183a2f2437 Fix SF bug #433904 (Alex Martelli) - all s_* methods return None only. 2001-06-18 12:33:36 +00:00
Skip Montanaro 0de65807e6 bunch more __all__ lists
also modified check_all function to suppress all warnings since they aren't
relevant to what this test is doing (allows quiet checking of regsub, for
instance)
2001-02-15 22:15:14 +00:00
Tim Peters 0c9886d589 Whitespace normalization. 2001-01-15 01:18:21 +00:00
Fred Drake 034c2a9f7a Add support for "import re" -- it uses pre, but user code does not need
to.
2000-10-05 20:42:44 +00:00
Guido van Rossum f07029e4ba Get rid of the classes RModuleLoader and RModuleImporter -- these were
only there to override reload() in a way that doesn't make a whole lot
of sense and moreover broke since the latest changes in ihooks.
1998-09-21 14:53:26 +00:00
Guido van Rossum eeb64287f1 (1) Added a sys.exc_info() emulation. (It returns None for the traceback.)
(2) Made the test script a bit fancier -- you can now use it to run
arbitrary scripts in restricted mode, and it will do the right thing.
(The interactive mode is still pretty lame; should integrate this with
code.interact().)
1998-07-09 13:52:38 +00:00
Guido van Rossum 8b3282be9f For completeness, add a dummy load_package() method to RHooks. It
should never be called, so this isn't really needed, but this
signifies that rexec now supports packages -- because ihooks does.
1998-06-29 20:32:57 +00:00
Guido van Rossum 1f40cd6314 Add the __doc__ string from the original module on copy_none(). 1998-06-09 21:33:44 +00:00
Guido van Rossum 3ec38f0ee4 A few lines were indented using tabs instead of spaces -- fix them. 1998-03-26 22:10:50 +00:00
Guido van Rossum 426916e50e Add pcre to the list of safe modules. 1997-10-22 20:56:32 +00:00
Guido van Rossum faeae5cd78 Alas, I have to restore 'marshal', since it is needed by the new
cPickle-compatible pickle, and pickle must be importable in restricted
mode.  I guess I'll have to make marshal safe.
1997-04-25 19:10:15 +00:00
Guido van Rossum 3ee6b195bb Removed 'marshal' from the list of "ok" built-in functions -- the
unmarshalling code is actually rather naive and can easily be
caused to crash by feeding it invalid data.  This should be fixed in
the marshal module, but I don't have the time to fix it now :-(
1997-03-21 21:18:16 +00:00
Guido van Rossum 32616fbee6 Make sure ok_builtin_modules, ok_dynamic_modules and
builtin_module_names are always tuples.
1996-12-12 21:31:52 +00:00
Guido van Rossum fe779a1dc8 Don't mix stdout/stderr. 1996-10-02 14:57:28 +00:00
Guido van Rossum dfd9cb1e12 Don't die if an ok file method (e.g. fileno) doesn't exist. 1996-09-30 18:50:44 +00:00
Guido van Rossum e7b9fde1b8 1. Correct typo in FileWrapper.close() (fix by AMK).
2. New trusted built-in modules cmath, errno, operator, parser.
3. Corrected bogus s_apply() -- the new one actually works (reported by AMK).
1996-09-25 18:47:39 +00:00
Guido van Rossum 63f0cf0840 delattr() can raise AttributeError, not KeyError.
Use keyword arg to set verbose flag in test func.
1996-08-20 20:25:08 +00:00
Guido van Rossum cd6aab91a5 Fixed restore_files(); added reset_files(); made these more flexible. 1996-06-28 17:28:51 +00:00
Guido van Rossum 3ada87a508 fix typo in load_dynamic 1996-05-28 23:34:10 +00:00
Guido van Rossum fdd45cb858 Fix some obsolete names comments.
Change RHooks() interface to not require a 'rexec' instance argument;
added set_rexec() method instead (which must be called by the RExec
instance using this RHooks instance).

Support dynamic loading of modules, at least for those modules that
are ok built-in modules.  Added new interfaces set_trusted_path() and
load_dynamic() to RExec class (the default trusted path consists of
all absolute pathnames in sys.path).

Change copy_except() to actually try to delete the exceptions.
1996-05-28 23:07:17 +00:00
Guido van Rossum 1035a892a1 make sure the path ends in a slash in reload() 1995-08-11 13:56:04 +00:00
Guido van Rossum 1859600357 fix reload use of __filename__ 1995-08-10 19:40:39 +00:00
Guido van Rossum bebe5157a5 add module binascii; add r_unload/s_unload; don't change 'rb' to 'r' in open 1995-08-09 02:32:08 +00:00
Guido van Rossum 1383356039 added sys.std files, read-only open, reload 1995-08-07 20:19:27 +00:00
Guido van Rossum 40d1ea3b9c new package support, import hooks, restricted execution support 1995-08-04 03:59:03 +00:00
Guido van Rossum b47281539a use imp.new_module(), not new.module(); and /usr/local 1995-06-22 18:55:10 +00:00
Guido van Rossum b5f9460556 allow safe_import to be called with up to 4 args and check for . in name 1995-03-02 15:30:15 +00:00
Guido van Rossum 8e8a525f22 evolution 1995-01-17 15:58:37 +00:00
Guido van Rossum 9a22de101f new files 1995-01-12 12:29:47 +00:00