[Python-checkins] python/dist/src/Doc/lib librexec.tex,1.18,1.18.8.1
gvanrossum@users.sourceforge.net
gvanrossum@users.sourceforge.net
Fri, 31 May 2002 14:17:55 -0700
Update of /cvsroot/python/python/dist/src/Doc/lib
In directory usw-pr-cvs1:/tmp/cvs-serv699/Doc/lib
Modified Files:
Tag: release22-maint
librexec.tex
Log Message:
Backport to 2.2.x:
SF bug 533625 (Armin Rigo). rexec: potential security hole
If a rexec instance allows writing in the current directory (a common
thing to do), there's a way to execute bogus bytecode. Fix this by
not allowing imports from .pyc files (in a way that allows a site to
configure things so that .pyc files *are* allowed, if writing is not
allowed).
Index: librexec.tex
===================================================================
RCS file: /cvsroot/python/python/dist/src/Doc/lib/librexec.tex,v
retrieving revision 1.18
retrieving revision 1.18.8.1
diff -C2 -d -r1.18 -r1.18.8.1
*** librexec.tex 20 Oct 2001 04:24:09 -0000 1.18
--- librexec.tex 31 May 2002 21:17:53 -0000 1.18.8.1
***************
*** 212,215 ****
--- 212,227 ----
\end{memberdesc}
+ \begin{memberdesc}{ok_file_types}
+ Contains the file types from which modules are allowed to be loaded.
+ Each file type is an integer constant defined in the \refmodule{imp} module.
+ The meaningful values are \constant{PY_SOURCE}, \constant{PY_COMPILED}, and
+ \constant{C_EXTENSION}. The value for \class{RExec} is \code{(C_EXTENSION,
+ PY_SOURCE)}. Adding \constant{PY_COMPILED} in subclasses is not recommended;
+ an attacker could exit the restricted execution mode by putting a forged
+ byte-compiled file (\file{.pyc}) anywhere in your file system, for example
+ by writing it to \file{/tmp} or uploading it to the \file{/incoming}
+ directory of your public FTP server.
+ \end{memberdesc}
+
\subsection{An example}