Commit Graph

48 Commits

Author SHA1 Message Date
Guido van Rossum
68468eba63 Get rid of many apply() calls. 2003-02-27 20:14:51 +00:00
Guido van Rossum
34a2e08586 Sabotage rexec.py. It is not safe since the new-style classes. 2003-01-06 15:43:34 +00:00
Gustavo Niemeyer
d5ae01a803 Applying patch
[#636769] Fix for major rexec bugs

* Lib/rexec.py
  (FileBase): Added 'xreadlines' and '__iter__' to allowed file methods.
  (FileWrapper.__init__): Removed unnecessary self.f variable, which gave
  direct access to the file object.
  (RExec): Added 'xreadlines' and '_weakref' to allowed modules.
  (RExec.r_open): Convert string subclasses to a real string classes
  before doing comparisons with mode parameter.

* Lib/ihooks.py
  (BasicModuleImporter.import_module/reload/unload): Convert the module
  name to a real string before working with it.
  (ModuleImporter.import_module/import_it/reload): Convert the module
  name to a real strings before working with it.

* Misc/NEWS
  Document the change.
2002-12-16 13:11:57 +00:00
Fred Drake
a0f453b2b1 Allow restricted code to get byteorder, getdefaultencoding(),
getrefcount(), maxunicode, and version_info.
2002-10-11 16:20:45 +00:00
Jeremy Hylton
83d0fd2fd1 Trying alphabet again 2002-10-11 16:05:07 +00:00
Jeremy Hylton
a325c42b2d Sort names alphabetically. 2002-10-11 15:55:17 +00:00
Jeremy Hylton
69dc0c5bf5 Add hexversion to list of safe sys names (SF bug 621447).
Bug fix candidate.
2002-10-11 15:51:29 +00:00
Guido van Rossum
7f7c3d0a9c Address SF bug #577530: del __builtins__ breaks out of rexec
Using the suggestion there: add_module() forces __builtin__ back; this
fixes r_exec, r_eval, r_execfile.  The interactive console had to be
fixed separately, because it doesn't use r_exec, but relies on the
'locals' dict having the right __builtins__.  Fixed this by
subclassing InteractiveConsole and overriding runcode(), which does
the exec.  This changes the banner output slightly: instead of
starting with *** RESTRICTED ***, a subtler (RestrictedConsole) is
printed before the first >>> prompt.

Also import readline (if it exists) when the interactive console is
used, for more convenient input editing and history.

This does not mean that rexec is now considered safe!  But for those
willing to take the risk, it's safer than before.  (Note that a safety
analysis of the code module would be wise if you plan to use the
interactive console for real -- I've only ever used it to play with
restricted mode.)

This should be backported to 2.2 and 2.1.
2002-09-15 06:00:43 +00:00
Guido van Rossum
da07ea7282 Use code.interact(), which is even simpler, *and* imports readline
when it can.
2002-06-14 13:54:26 +00:00
Guido van Rossum
2aabac8276 Don't poorly emulate the interactive interpreter, use
code.InteractiveConsole to do a much better job.
2002-06-14 13:48:25 +00:00
Raymond Hettinger
54f0222547 SF 563203. Replaced 'has_key()' with 'in'. 2002-06-01 14:18:47 +00:00
Guido van Rossum
59b2a74c75 SF bug 533625 (Armin Rigo). rexec: potential security hole
If a rexec instance allows writing in the current directory (a common
thing to do), there's a way to execute bogus bytecode.  Fix this by
not allowing imports from .pyc files (in a way that allows a site to
configure things so that .pyc files *are* allowed, if writing is not
allowed).

I'll apply this to 2.2 and 2.1 too.
2002-05-31 21:12:53 +00:00
Raymond Hettinger
1dbe6c0728 Move statement out of comment block 2002-05-30 00:06:01 +00:00
Raymond Hettinger
aef22fb9cd Patch 560023 adding docstrings. 2.2 Candidate (after verifying modules were not updated after 2.2). 2002-05-29 16:18:42 +00:00
Fred Drake
f902296a18 Ignore execfile() return value; reported by Neal Norwitz. 2001-10-13 18:34:42 +00:00
Tim Peters
8fa45677c1 Now that file objects are subclassable, you can get at the file constructor
just by doing type(f) where f is any file object.  This left a hole in
restricted execution mode that rexec.py can't plug by itself (although it
can plug part of it; the rest is plugged in fileobject.c now).
2001-09-13 21:01:29 +00:00
Guido van Rossum
97dbec97bc Remove redundant import (PyChecker).
Update greeting message to avoid the long copyright notice.
2001-08-13 15:58:26 +00:00
Fred Drake
56b5fdd295 Remove make_re() function; this is no longer needed since _sre and pcre
are now allowed by ok_builtin_modules.  This effectively backs out
revision 1.26.

This closes SF bug #448546.
2001-08-07 19:49:15 +00:00
Fred Drake
a2d848e99c Add sha and _sre to the list of allowed built-in modules. 2001-06-22 18:19:16 +00:00
Guido van Rossum
183a2f2437 Fix SF bug #433904 (Alex Martelli) - all s_* methods return None only. 2001-06-18 12:33:36 +00:00
Skip Montanaro
0de65807e6 bunch more __all__ lists
also modified check_all function to suppress all warnings since they aren't
relevant to what this test is doing (allows quiet checking of regsub, for
instance)
2001-02-15 22:15:14 +00:00
Tim Peters
0c9886d589 Whitespace normalization. 2001-01-15 01:18:21 +00:00
Fred Drake
034c2a9f7a Add support for "import re" -- it uses pre, but user code does not need
to.
2000-10-05 20:42:44 +00:00
Guido van Rossum
f07029e4ba Get rid of the classes RModuleLoader and RModuleImporter -- these were
only there to override reload() in a way that doesn't make a whole lot
of sense and moreover broke since the latest changes in ihooks.
1998-09-21 14:53:26 +00:00
Guido van Rossum
eeb64287f1 (1) Added a sys.exc_info() emulation. (It returns None for the traceback.)
(2) Made the test script a bit fancier -- you can now use it to run
arbitrary scripts in restricted mode, and it will do the right thing.
(The interactive mode is still pretty lame; should integrate this with
code.interact().)
1998-07-09 13:52:38 +00:00
Guido van Rossum
8b3282be9f For completeness, add a dummy load_package() method to RHooks. It
should never be called, so this isn't really needed, but this
signifies that rexec now supports packages -- because ihooks does.
1998-06-29 20:32:57 +00:00
Guido van Rossum
1f40cd6314 Add the __doc__ string from the original module on copy_none(). 1998-06-09 21:33:44 +00:00
Guido van Rossum
3ec38f0ee4 A few lines were indented using tabs instead of spaces -- fix them. 1998-03-26 22:10:50 +00:00
Guido van Rossum
426916e50e Add pcre to the list of safe modules. 1997-10-22 20:56:32 +00:00
Guido van Rossum
faeae5cd78 Alas, I have to restore 'marshal', since it is needed by the new
cPickle-compatible pickle, and pickle must be importable in restricted
mode.  I guess I'll have to make marshal safe.
1997-04-25 19:10:15 +00:00
Guido van Rossum
3ee6b195bb Removed 'marshal' from the list of "ok" built-in functions -- the
unmarshalling code is actually rather naive and can easily be
caused to crash by feeding it invalid data.  This should be fixed in
the marshal module, but I don't have the time to fix it now :-(
1997-03-21 21:18:16 +00:00
Guido van Rossum
32616fbee6 Make sure ok_builtin_modules, ok_dynamic_modules and
builtin_module_names are always tuples.
1996-12-12 21:31:52 +00:00
Guido van Rossum
fe779a1dc8 Don't mix stdout/stderr. 1996-10-02 14:57:28 +00:00
Guido van Rossum
dfd9cb1e12 Don't die if an ok file method (e.g. fileno) doesn't exist. 1996-09-30 18:50:44 +00:00
Guido van Rossum
e7b9fde1b8 1. Correct typo in FileWrapper.close() (fix by AMK).
2. New trusted built-in modules cmath, errno, operator, parser.
3. Corrected bogus s_apply() -- the new one actually works (reported by AMK).
1996-09-25 18:47:39 +00:00
Guido van Rossum
63f0cf0840 delattr() can raise AttributeError, not KeyError.
Use keyword arg to set verbose flag in test func.
1996-08-20 20:25:08 +00:00
Guido van Rossum
cd6aab91a5 Fixed restore_files(); added reset_files(); made these more flexible. 1996-06-28 17:28:51 +00:00
Guido van Rossum
3ada87a508 fix typo in load_dynamic 1996-05-28 23:34:10 +00:00
Guido van Rossum
fdd45cb858 Fix some obsolete names comments.
Change RHooks() interface to not require a 'rexec' instance argument;
added set_rexec() method instead (which must be called by the RExec
instance using this RHooks instance).

Support dynamic loading of modules, at least for those modules that
are ok built-in modules.  Added new interfaces set_trusted_path() and
load_dynamic() to RExec class (the default trusted path consists of
all absolute pathnames in sys.path).

Change copy_except() to actually try to delete the exceptions.
1996-05-28 23:07:17 +00:00
Guido van Rossum
1035a892a1 make sure the path ends in a slash in reload() 1995-08-11 13:56:04 +00:00
Guido van Rossum
1859600357 fix reload use of __filename__ 1995-08-10 19:40:39 +00:00
Guido van Rossum
bebe5157a5 add module binascii; add r_unload/s_unload; don't change 'rb' to 'r' in open 1995-08-09 02:32:08 +00:00
Guido van Rossum
1383356039 added sys.std files, read-only open, reload 1995-08-07 20:19:27 +00:00
Guido van Rossum
40d1ea3b9c new package support, import hooks, restricted execution support 1995-08-04 03:59:03 +00:00
Guido van Rossum
b47281539a use imp.new_module(), not new.module(); and /usr/local 1995-06-22 18:55:10 +00:00
Guido van Rossum
b5f9460556 allow safe_import to be called with up to 4 args and check for . in name 1995-03-02 15:30:15 +00:00
Guido van Rossum
8e8a525f22 evolution 1995-01-17 15:58:37 +00:00
Guido van Rossum
9a22de101f new files 1995-01-12 12:29:47 +00:00