[Python-checkins] r55385 - python/branches/bcannon-objcap/BRANCH_NOTES python/branches/bcannon-objcap/secure_python.c

brett.cannon python-checkins at python.org
Wed May 16 20:59:17 CEST 2007 

Author: brett.cannon
Date: Wed May 16 20:59:12 2007
New Revision: 55385

Modified:
   python/branches/bcannon-objcap/BRANCH_NOTES
   python/branches/bcannon-objcap/secure_python.c
Log:
Dirty hack to make imports work as 'open' is needed by importlib.  Better fix
in controlled_importlib but that has not yet been tested.

Also flesh out what should probably be tested.


Modified: python/branches/bcannon-objcap/BRANCH_NOTES
==============================================================================
--- python/branches/bcannon-objcap/BRANCH_NOTES	(original)
+++ python/branches/bcannon-objcap/BRANCH_NOTES	Wed May 16 20:59:12 2007
@@ -12,9 +12,20 @@
 ======
 Status
 ======
-* Decide how to squirrel away and access 'open'.
 * Turn on whitelisting.
+    - Verify injecting 'open' into importlib works.
 * Write tests.
+    - Import
+        + Delegate protects importlib.
+        + Whitelisting works.
+            * Name fall-through to alternate implementation.
+        + '.hidden' cannot be imported.
+        + Removed modules cannot be imported (unless whitelisted).
+    - Built-in namespace properly cleansed.
+        + Nothing exposed through __builtin__ or __builtins__.
+    - Types crippled.
+        + file
+        + code
 
 ==========
 References

Modified: python/branches/bcannon-objcap/secure_python.c
==============================================================================
--- python/branches/bcannon-objcap/secure_python.c	(original)
+++ python/branches/bcannon-objcap/secure_python.c	Wed May 16 20:59:12 2007
@@ -26,6 +26,11 @@
 
     import_module = PyImport_ImportModule("importlib");
 
+    /* XXX Hack to make importlib work w/o 'open' in the built-in namespace.
+       Fixed in controlled_importlib.  */
+    PyDict_SetItemString(PyModule_GetDict(import_module), "open",
+		    PyDict_GetItemString(interp->builtins, "open"));
+
     import_callable = PyObject_CallMethod(import_module, "Import", "");
 
     /* Store import machinery somewhere so that a reference is held as

More information about the Python-checkins mailing list