[Python-checkins] r51657 - python/branches/bcannon-objcap/BRANCHNEWS python/branches/bcannon-objcap/securing_python.txt

brett.cannon python-checkins at python.org
Thu Aug 31 00:05:49 CEST 2006 

Author: brett.cannon
Date: Thu Aug 31 00:05:48 2006
New Revision: 51657

Modified:
   python/branches/bcannon-objcap/BRANCHNEWS
   python/branches/bcannon-objcap/securing_python.txt
Log:
Update status with 'file' initializer removed.

Modified: python/branches/bcannon-objcap/BRANCHNEWS
==============================================================================
--- python/branches/bcannon-objcap/BRANCHNEWS	(original)
+++ python/branches/bcannon-objcap/BRANCHNEWS	Thu Aug 31 00:05:48 2006
@@ -5,5 +5,17 @@
 Core and builtins
 -----------------
 
+* rev. 51656: Remove initializer from 'file'.  By leaving tp_new alone you can
+  still subclass 'file' (although its usefulness as a subclass is doubtful when
+  its tp_init is empty and that is what actually opens the file descriptor).
+  Created a new function, PyFile_UnsafeOpen() which is what the built-in open()
+  function is now set to.  Also changed the bz2 module to use it.
+
+  Still need to decide how to handle subclasses of 'file' so they are not
+  totally useless (special function that calls the needed initializer on a
+  'file' object?).  Also need to come up with C API that opens files through
+  the built-in open() instead of doing it directly so as to not bypass
+  security.
+
 * rev. 51392: Introduce objcap module to hold removed functions/methods.  Begin
   with moving object.__subclasses__().

Modified: python/branches/bcannon-objcap/securing_python.txt
==============================================================================
--- python/branches/bcannon-objcap/securing_python.txt	(original)
+++ python/branches/bcannon-objcap/securing_python.txt	Thu Aug 31 00:05:48 2006
@@ -7,11 +7,11 @@
 + Remove object.__subclasses__ (`Mutable Shared State`_) [done]
 + Dangerous constructors (`Constructors`_)
     - file
-        * Create PyFile_InsecureOpen()
+        * Create PyFile_UnsafeOpen() [done]
         * Switch current C-level uses of 'file' constructor to
-          PyFile_InsecureOpen().
-            + built-in open()
-            + bz2 module
+          PyFile_UnsafeOpen(). [done]
+            + built-in open() [done]
+            + bz2 module [done]
         * Create PyFile_Safe*() version of C API that goes through
           open() built-in.
             + Convert C strings to Python objects and do a direct

More information about the Python-checkins mailing list