[Python-checkins] CVS: python/dist/src/Objects fileobject.c,2.123,2.124

Tim Peters tim_one@users.sourceforge.net
Thu, 13 Sep 2001 14:01:31 -0700


Update of /cvsroot/python/python/dist/src/Objects
In directory usw-pr-cvs1:/tmp/cvs-serv5024/python/Objects

Modified Files:
	fileobject.c 
Log Message:
Now that file objects are subclassable, you can get at the file constructor
just by doing type(f) where f is any file object.  This left a hole in
restricted execution mode that rexec.py can't plug by itself (although it
can plug part of it; the rest is plugged in fileobject.c now).


Index: fileobject.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Objects/fileobject.c,v
retrieving revision 2.123
retrieving revision 2.124
diff -C2 -d -r2.123 -r2.124
*** fileobject.c	2001/09/13 05:38:55	2.123
--- fileobject.c	2001/09/13 21:01:29	2.124
***************
*** 93,96 ****
--- 93,104 ----
  	assert(mode != NULL);
  
+ 	/* rexec.py can't stop a user from getting the file() constructor --
+ 	   all they have to do is get *any* file object f, and then do
+ 	   type(f).  Here we prevent them from doing damage with it. */
+ 	if (PyEval_GetRestricted()) {
+ 		PyErr_SetString(PyExc_IOError,
+ 			"file() constructor not accessible in restricted mode");
+ 		return NULL;
+ 	}
  #ifdef HAVE_FOPENRF
  	if (*mode == '*') {