[New-bugs-announce] [issue38078] IDLE: Don't run internal code in user namespace.
Terry J. Reedy
report at bugs.python.org
Mon Sep 9 21:37:51 EDT 2019
New submission from Terry J. Reedy <tjreedy at udel.edu>:
#38077 fixed the bug of internal runcommand code not deleting 'argv' from the user namespace. This issue is about not running code there.
When a subprocess is running, pyshell.ModifiedInterpreter.runcommand runs python code created by IDLE in locals == __main__.__dict__, the same as code enter by a user. This requires that the code carefully clean up after itself. I believe the same effect could by had more safely by exec-ing internal commands in the run module dict or a fresh temporary dict.
Possible solution. In run.Executive.runcode, add 'user=True' to runcode signature, add 'if user else {}' to 'self.locals' arg, and add
def runcommand(self, code):
return self.runcode(code, user=False). Then replace 'runcode' with 'runcommand' in pyshell runcommand body.
----------
assignee: terry.reedy
components: IDLE
messages: 351562
nosy: terry.reedy
priority: normal
severity: normal
stage: needs patch
status: open
title: IDLE: Don't run internal code in user namespace.
type: behavior
versions: Python 3.7, Python 3.8, Python 3.9
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue38078>
_______________________________________
More information about the New-bugs-announce
mailing list