[Distutils] easy_install runnable in a sandbox environment?
pje at telecommunity.com
Thu May 10 05:30:25 CEST 2012
On Wed, May 9, 2012 at 6:42 PM, Rick van der Zwet <info at rickvanderzwet.nl>wrote:
> Quite some time ago, their has been comments in the changelog (06.c4)
> stating that running easy_install without /dev/urandom should be
> Fixed not allowing os.open() of paths outside the sandbox, even if
> they are opened read-only (e.g. reading /dev/urandom for random
> numbers, as is done by os.urandom() on some platforms).
> While this was back in 2006, I was wondering what the current state of
> affairs which regards of requiring the /dev/urandom as of today? Am I
> looking at a feature request, bug report or design limitation?
You're confusing easy_install's internal sandboxing with running
easy_install in a chroot environment. easy_install runs setup scripts in a
Python sandbox that disallows certain file accesses in order to handle
badly-coded setup.py files that copy files directly to guessed installation
locations, instead of relying on the distutils to do the copying. The
change notes you're reading are discussing *that* sandbox, which is
internal to Python/setuptools and is unrelated to chrooting.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Distutils-SIG