SF bug 533625 (Armin Rigo). rexec: potential security hole
If a rexec instance allows writing in the current directory (a common
thing to do), there's a way to execute bogus bytecode. Fix this by
not allowing imports from .pyc files (in a way that allows a site to
configure things so that .pyc files *are* allowed, if writing is not
allowed).
I'll apply this to 2.2 and 2.1 too.
diff --git a/Lib/rexec.py b/Lib/rexec.py
index 7a239bc..04ff405 100644
--- a/Lib/rexec.py
+++ b/Lib/rexec.py
@@ -22,6 +22,7 @@
import __builtin__
import os
import ihooks
+import imp
__all__ = ["RExec"]
@@ -83,6 +84,9 @@
# Called by RExec instance to complete initialization
self.rexec = rexec
+ def get_suffixes(self):
+ return self.rexec.get_suffixes()
+
def is_builtin(self, name):
return self.rexec.is_builtin(name)
@@ -144,6 +148,8 @@
nok_builtin_names = ('open', 'file', 'reload', '__import__')
+ ok_file_types = (imp.C_EXTENSION, imp.PY_SOURCE)
+
def __init__(self, hooks = None, verbose = 0):
"""Returns an instance of the RExec class.
@@ -203,7 +209,6 @@
if sys.modules.has_key(name):
src = sys.modules[name]
else:
- import imp
src = imp.load_dynamic(name, filename, file)
dst = self.copy_except(src, [])
return dst
@@ -214,6 +219,11 @@
# Helpers for RHooks
+ def get_suffixes(self):
+ return [item # (suff, mode, type)
+ for item in imp.get_suffixes()
+ if item[2] in self.ok_file_types]
+
def is_builtin(self, mname):
return mname in self.ok_builtin_modules