[Python-checkins] r55683 - in python/branches/bcannon-objcap: BRANCH_NOTES secure_python.c tests/fail/dangerous_things_inaccessible.py tests/succeed/import_safe_builtin.py

brett.cannon python-checkins at python.org
Wed May 30 22:16:43 CEST 2007

• Previous message: [Python-checkins] r55682 - python/branches/cpy_merge/Modules/_string_iomodule.c
• Next message: [Python-checkins] r55684 - python/branches/bcannon-objcap/BRANCHNEWS
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Author: brett.cannon
Date: Wed May 30 22:16:42 2007
New Revision: 55683
Modified:
 python/branches/bcannon-objcap/BRANCH_NOTES
 python/branches/bcannon-objcap/secure_python.c
 python/branches/bcannon-objcap/tests/fail/dangerous_things_inaccessible.py
 python/branches/bcannon-objcap/tests/succeed/import_safe_builtin.py
Log:
Remove SystemExit from the built-in namespace. Also block the importation of
the 'exceptions' module.
This is needed as the interpreter calls Py_Finalize() if SystemExit propagates
to the top of the call chain. Don't want that unless finalization on the
interpreter is explicitly desired.
Modified: python/branches/bcannon-objcap/BRANCH_NOTES
==============================================================================
--- python/branches/bcannon-objcap/BRANCH_NOTES	(original)
+++ python/branches/bcannon-objcap/BRANCH_NOTES	Wed May 30 22:16:42 2007
@@ -27,12 +27,13 @@
 + Requires sys.setdefaultencoding() which is deleted by site.py .
 + reload(sys) normally adds it, but hack to do a fresh import on sys is
 preventing that from happening somehow.
+ + reload() going away in Python 3.0.
 
 
 =====
 To Do
 =====
-* Deal with exit()/SystemExit.
+Nothing.
 
 
 ==========
Modified: python/branches/bcannon-objcap/secure_python.c
==============================================================================
--- python/branches/bcannon-objcap/secure_python.c	(original)
+++ python/branches/bcannon-objcap/secure_python.c	Wed May 30 22:16:42 2007
@@ -26,11 +26,10 @@
 PyObject *hidden_modules;
 PyObject *import_module;
 PyObject *import_callable;
- Py_ssize_t safe_builtins_count = 7;
+ Py_ssize_t safe_builtins_count = 6;
 /* All whitelisted modules should be imported in the proper test file. */
 const char *safe_builtins_names[] = {"_ast", "_codecs", "_sre",
-					 "_symtable", "_types", "errno",
-					 "exceptions"};
+					 "_symtable", "_types", "errno"};
 Py_ssize_t safe_frozen_count = 0;
 const char *safe_frozen_names[] = {};
 PyObject *safe_builtins_seq;
@@ -89,8 +88,6 @@
 	 Lose this and Python will not run.
 * __main__
 	 Current scope of execution.
- * exceptions
-	 Safe to keep around.
 * encodings
 	 Does dynamic import of encodings which requires globals() to
 	 work; globals() fails when the module has been deleted. Also
@@ -118,7 +115,6 @@
 	 /* Modules that *must* stay visible. */
 	 if ((strcmp(module_name, "__builtin__") == 0) ||
 			 (strcmp(module_name, "__main__") == 0) ||
-			 (strcmp(module_name, "exceptions") == 0) ||
 			 (strcmp(module_name, "encodings") == 0) ||
 			 (strcmp(module_name, "codecs") == 0) ||
 			 (strcmp(module_name, "_codecs") == 0)) {
@@ -148,6 +144,7 @@
 /* Remove dangerous built-ins. */
 PyDict_DelItemString(interp->builtins, "execfile");
 PyDict_DelItemString(interp->builtins, "open");
+ PyDict_DelItemString(interp->builtins, "SystemExit");
 
 /* Use interpreter. */
 return_val = Py_Main(argc, argv);
Modified: python/branches/bcannon-objcap/tests/fail/dangerous_things_inaccessible.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/dangerous_things_inaccessible.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/dangerous_things_inaccessible.py	Wed May 30 22:16:42 2007
@@ -8,6 +8,9 @@
 # Needed to look for 'open' and 'execfile'.
 builtin_fxn_type = type(any)
 dangerous_builtins = ('open', 'execfile')
+# Needed for SystemExit.
+exc_type = type(Exception)
+dangerous_exceptions = ('SystemExit',)
 
 def check_imported_modules(module):
 """Recursively check that the module (and the modules it imports) do not
@@ -27,6 +30,9 @@
 elif isinstance(attr, builtin_fxn_type):
 if attr_name in dangerous_builtins:
 raise Exception
+ elif isinstance(attr, exc_type):
+ if attr_name in dangerous_exceptions:
+ raise Exception
 
 
 import __builtin__
@@ -35,9 +41,6 @@
 import __main__
 check_imported_modules(__main__)
 
-import exceptions
-check_imported_modules(exceptions)
-
 import encodings
 check_imported_modules(encodings)
 
Modified: python/branches/bcannon-objcap/tests/succeed/import_safe_builtin.py
==============================================================================
--- python/branches/bcannon-objcap/tests/succeed/import_safe_builtin.py	(original)
+++ python/branches/bcannon-objcap/tests/succeed/import_safe_builtin.py	Wed May 30 22:16:42 2007
@@ -5,4 +5,3 @@
 # Also tests that modules moved to .hidden can be imported again.
 import _types
 import errno
-import exceptions

---

• Previous message: [Python-checkins] r55682 - python/branches/cpy_merge/Modules/_string_iomodule.c
• Next message: [Python-checkins] r55684 - python/branches/bcannon-objcap/BRANCHNEWS
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-checkins mailing list