[Python-checkins] r55385 - python/branches/bcannon-objcap/BRANCH_NOTES python/branches/bcannon-objcap/secure_python.c
brett.cannon
python-checkins at python.org
Wed May 16 20:59:17 CEST 2007
Author: brett.cannon
Date: Wed May 16 20:59:12 2007
New Revision: 55385
Modified:
python/branches/bcannon-objcap/BRANCH_NOTES
python/branches/bcannon-objcap/secure_python.c
Log:
Dirty hack to make imports work as 'open' is needed by importlib. Better fix
in controlled_importlib but that has not yet been tested.
Also flesh out what should probably be tested.
Modified: python/branches/bcannon-objcap/BRANCH_NOTES
==============================================================================
--- python/branches/bcannon-objcap/BRANCH_NOTES (original)
+++ python/branches/bcannon-objcap/BRANCH_NOTES Wed May 16 20:59:12 2007
@@ -12,9 +12,20 @@
======
Status
======
-* Decide how to squirrel away and access 'open'.
* Turn on whitelisting.
+ - Verify injecting 'open' into importlib works.
* Write tests.
+ - Import
+ + Delegate protects importlib.
+ + Whitelisting works.
+ * Name fall-through to alternate implementation.
+ + '.hidden' cannot be imported.
+ + Removed modules cannot be imported (unless whitelisted).
+ - Built-in namespace properly cleansed.
+ + Nothing exposed through __builtin__ or __builtins__.
+ - Types crippled.
+ + file
+ + code
==========
References
Modified: python/branches/bcannon-objcap/secure_python.c
==============================================================================
--- python/branches/bcannon-objcap/secure_python.c (original)
+++ python/branches/bcannon-objcap/secure_python.c Wed May 16 20:59:12 2007
@@ -26,6 +26,11 @@
import_module = PyImport_ImportModule("importlib");
+ /* XXX Hack to make importlib work w/o 'open' in the built-in namespace.
+ Fixed in controlled_importlib. */
+ PyDict_SetItemString(PyModule_GetDict(import_module), "open",
+ PyDict_GetItemString(interp->builtins, "open"));
+
import_callable = PyObject_CallMethod(import_module, "Import", "");
/* Store import machinery somewhere so that a reference is held as
More information about the Python-checkins
mailing list