[Patches] [ python-Patches-1429539 ] pdb: fix for 1326406 (import __main__ pdb failure)

SourceForge.net noreply at sourceforge.net
Thu Apr 20 13:17:04 CEST 2006 

Patches item #1429539, was opened at 2006-02-11 03:34
Message generated for change (Comment added) made by jakamkon
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1429539&group_id=5470

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Library (Lib)
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Ilya Sandler (isandler)
Assigned to: Nobody/Anonymous (nobody)
Summary: pdb: fix for  1326406 (import  __main__ pdb failure)

Initial Comment:
The patch allows pdb to debug program which 
import from __main__


----------------------------------------------------------------------

Comment By: Kuba Kończyk (jakamkon)
Date: 2006-04-20 11:17

Message:
Logged In: YES 
user_id=1491175

I think that exposing pdb's namespaces for debugged code is
dangerous.When debugged code have this kind of access he can
dynamic change pdb's behaviour without your control:

y.py:
die = """\
def destroy(x,y):
        print 'Iam crashing your HOME and deleting your FILES'

Pdb.__dict__['do_break'] = destroy # pdb's break = destroy
"""
x.py:
# innocently looking code;)
import y
exec(y.puff)
print "X"

with your patch:
$ python2.5 -m pdb x.py
> /home/xyz/python/x.py(1)<module>()
-> import y
(Pdb) Pdb.__dict__['do_break']
<function do_break at 0xb7cafdf4>
(Pdb) break
(Pdb) n
> /home/xyz/python/x.py(2)<module>()
-> exec(y.puff)
(Pdb) n
> /home/xyz/python/x.py(3)<module>()
-> print "X"
(Pdb) Pdb.__dict__['do_break']
<function destroy at 0xb7cb81b4>
(Pdb) break
Iam crashing your HOME and deleting your FILES

I think that this patch can't be accepted due to above
reason.According to my advanced reaserch;) ( find Lib/ -name
'*.py' -exec grep 'from __main__ import' {} -ls \; ) 'from
__main__' is rare case so maybe it will be reasonable to
simply handle ImportError and print something like
'** 'from __main__ import' not supported' message.What do  
you think?       
  

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1429539&group_id=5470

More information about the Patches mailing list