using CGI module on (slightly) hamstrung machines

Rob Sykes Robert_NJ_Sykes at msn.co.uk
Fri Aug 9 11:50:39 CEST 2002


Hi all,

My ISP has recently introduced support for Python CGI scripting 
(hurrah!)

However, for security reasons, not all the functionality exists:
specifically when attempting to import the CGI module, I get
the following error


Traceback (most recent call last):
  File "./collect.py", line 3, in ?
    import cgi, sys 
  File "/usr/local/lib/python2.2/cgi.py", line 39, in ?
    import urllib
  File "/usr/local/lib/python2.2/urllib.py", line 26, in ?
    import socket
  File "/usr/local/lib/python2.2/socket.py", line 41, in ?
    from _socket import *
ImportError: ld.so.1: /usr/local/bin/python: fatal: libssl.so.0.9.6: 
open failed: No such file or directory

My ISP is loath to allow the creation of arbitrary sockets, hence
the absence of this library


I have traced the function calls and found that the only function
the CGI module requires out of urllib is 

def unquote(s):
    	<snip>


Now it is trivial to modify the CGI module to include this function
definition and to avoid references to urllib altogether (and I have 
done so) but I would rather avoid messing around with the standard 
distribution if I can

So, two solutions are possible

1) Including the modified CGI (as above) in the standard 
distribution

2) Moving the various quote/unquote functions out of urllib to
'somewhere else' and altering dependant files accordingly


(There is also 3) get my ISP to make the necessary changes in their
installation. I have e-mailed them to see if this can be done as 
I'm sure that this will not effect only me)


1), as I have said, is trivial. 2) would take (a lot?) more work

Do people think that there is any mileage in either of these ideas 
and if so what is the best method for me to request/initiate the 
change (PEP, direct pleading, etc..)

-- 
Rob Sykes 

Born again Bairn                  | 'The despair I can live with.
rob at john-richard dot co dot uk |  It's the hope I can't stand' 
(Anon.)
(header email for spambots)



More information about the Python-list mailing list