[Python-checkins] r55683 - in python/branches/bcannon-objcap: BRANCH_NOTES secure_python.c tests/fail/dangerous_things_inaccessible.py tests/succeed/import_safe_builtin.py

brett.cannon python-checkins at python.org
Wed May 30 22:16:43 CEST 2007


Author: brett.cannon
Date: Wed May 30 22:16:42 2007
New Revision: 55683

Modified:
   python/branches/bcannon-objcap/BRANCH_NOTES
   python/branches/bcannon-objcap/secure_python.c
   python/branches/bcannon-objcap/tests/fail/dangerous_things_inaccessible.py
   python/branches/bcannon-objcap/tests/succeed/import_safe_builtin.py
Log:
Remove SystemExit from the built-in namespace.  Also block the importation of
the 'exceptions' module.

This is needed as the interpreter calls Py_Finalize() if SystemExit propagates
to the top of the call chain.  Don't want that unless finalization on the
interpreter is explicitly desired.


Modified: python/branches/bcannon-objcap/BRANCH_NOTES
==============================================================================
--- python/branches/bcannon-objcap/BRANCH_NOTES	(original)
+++ python/branches/bcannon-objcap/BRANCH_NOTES	Wed May 30 22:16:42 2007
@@ -27,12 +27,13 @@
     + Requires sys.setdefaultencoding() which is deleted by site.py .
     + reload(sys) normally adds it, but hack to do a fresh import on sys is
       preventing that from happening somehow.
+    + reload() going away in Python 3.0.
 
 
 =====
 To Do
 =====
-* Deal with exit()/SystemExit.
+Nothing.
 
 
 ==========

Modified: python/branches/bcannon-objcap/secure_python.c
==============================================================================
--- python/branches/bcannon-objcap/secure_python.c	(original)
+++ python/branches/bcannon-objcap/secure_python.c	Wed May 30 22:16:42 2007
@@ -26,11 +26,10 @@
     PyObject *hidden_modules;
     PyObject *import_module;
     PyObject *import_callable;
-    Py_ssize_t safe_builtins_count = 7;
+    Py_ssize_t safe_builtins_count = 6;
     /* All whitelisted modules should be imported in the proper test file. */
     const char *safe_builtins_names[] = {"_ast", "_codecs", "_sre",
-					  "_symtable", "_types", "errno",
-					  "exceptions"};
+					  "_symtable", "_types", "errno"};
     Py_ssize_t safe_frozen_count = 0;
     const char *safe_frozen_names[] = {};
     PyObject *safe_builtins_seq;
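Review bot: `safe_builtins_count` is a hand-maintained literal that must be edited every time `safe_builtins_names` changes, as this hunk does (7 to 6). If the two drift apart, the code that consumes the count would either index past the array or silently leave a whitelisted name out. Deriving the count keeps them in step: declare it after the array as `Py_ssize_t safe_builtins_count = sizeof(safe_builtins_names) / sizeof(safe_builtins_names[0]);`. The loop that uses the count is outside the hunk, so its exact use is inferred.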
@@ -89,8 +88,6 @@
 	   Lose this and Python will not run.
        * __main__
 	   Current scope of execution.
-       * exceptions
-	   Safe to keep around.
        * encodings
 	   Does dynamic import of encodings which requires globals() to
 	   work; globals() fails when the module has been deleted.  Also
@@ -118,7 +115,6 @@
 	    /* Modules that *must* stay visible. */
 	    if ((strcmp(module_name, "__builtin__") == 0) ||
 			    (strcmp(module_name, "__main__") == 0) ||
-			    (strcmp(module_name, "exceptions") == 0) ||
 			    (strcmp(module_name, "encodings") == 0) ||
 			    (strcmp(module_name, "codecs") == 0) ||
 			    (strcmp(module_name, "_codecs") == 0)) {
@@ -148,6 +144,7 @@
     /* Remove dangerous built-ins. */
     PyDict_DelItemString(interp->builtins, "execfile");
     PyDict_DelItemString(interp->builtins, "open");
+    PyDict_DelItemString(interp->builtins, "SystemExit");
 
   /* Use interpreter. */
     return_val = Py_Main(argc, argv);
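Review bot: The result of the added `PyDict_DelItemString(interp->builtins, "SystemExit")` is discarded, like the two calls above it, so a failed deletion leaves the name in place with an exception pending and `Py_Main` still runs. A restriction like this should fail closed, for example `if (PyDict_DelItemString(interp->builtins, "SystemExit") < 0) { PyErr_Print(); return 1; }`, assuming the enclosing function returns an exit status. Deleting the dictionary entry also removes only the name, not the type object. A comment here should say that the guarantee depends on no other reference to the class being reachable from restricted code. The enclosing function starts and ends outside the hunk.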

Modified: python/branches/bcannon-objcap/tests/fail/dangerous_things_inaccessible.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/dangerous_things_inaccessible.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/dangerous_things_inaccessible.py	Wed May 30 22:16:42 2007
@@ -8,6 +8,9 @@
 # Needed to look for 'open' and 'execfile'.
 builtin_fxn_type = type(any)
 dangerous_builtins = ('open', 'execfile')
+# Needed for SystemExit.
+exc_type = type(Exception)
+dangerous_exceptions = ('SystemExit',)
 
 def check_imported_modules(module):
     """Recursively check that the module (and the modules it imports) do not
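Review bot: `exc_type = type(Exception)` does not single out exceptions: on an interpreter where exceptions are new-style classes it evaluates to `type`, so the `isinstance(attr, exc_type)` test added further down is true for every new-style class. The check still works because it then filters on the name, but the comment `# Needed for SystemExit.` overstates what the value selects. Something like `# Metaclass of exception classes (plain 'type' when exceptions are new-style); used to spot SystemExit.` would be accurate. `check_imported_modules` continues past the end of this hunk.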
@@ -27,6 +30,9 @@
         elif isinstance(attr, builtin_fxn_type):
             if attr_name in dangerous_builtins:
                 raise Exception
+        elif isinstance(attr, exc_type):
+            if attr_name in dangerous_exceptions:
+                raise Exception
 
 
 import __builtin__
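Review bot: The new `elif isinstance(attr, exc_type):` branch compares `attr_name`, the name the class is bound under in the module being walked, so the same class bound under a different attribute name would pass the check unnoticed. Comparing the class's own name closes that gap in the test: `if getattr(attr, '__name__', None) in dangerous_exceptions:`. The body of `check_imported_modules` starts outside this hunk, so how `attr` and `attr_name` are produced is inferred from the visible lines.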
@@ -35,9 +41,6 @@
 import __main__
 check_imported_modules(__main__)
 
-import exceptions
-check_imported_modules(exceptions)
-
 import encodings
 check_imported_modules(encodings)
 

Modified: python/branches/bcannon-objcap/tests/succeed/import_safe_builtin.py
==============================================================================
--- python/branches/bcannon-objcap/tests/succeed/import_safe_builtin.py	(original)
+++ python/branches/bcannon-objcap/tests/succeed/import_safe_builtin.py	Wed May 30 22:16:42 2007
@@ -5,4 +5,3 @@
 # Also tests that modules moved to .hidden can be imported again.
 import _types
 import errno
-import exceptions

