[Python-checkins] r51657 - python/branches/bcannon-objcap/BRANCHNEWS python/branches/bcannon-objcap/securing_python.txt
brett.cannon
python-checkins at python.org
Thu Aug 31 00:05:49 CEST 2006
Author: brett.cannon
Date: Thu Aug 31 00:05:48 2006
New Revision: 51657
Modified:
python/branches/bcannon-objcap/BRANCHNEWS
python/branches/bcannon-objcap/securing_python.txt
Log:
Update status with 'file' initializer removed.
Modified: python/branches/bcannon-objcap/BRANCHNEWS
==============================================================================
--- python/branches/bcannon-objcap/BRANCHNEWS (original)
+++ python/branches/bcannon-objcap/BRANCHNEWS Thu Aug 31 00:05:48 2006
@@ -5,5 +5,17 @@
Core and builtins
-----------------
+* rev. 51656: Remove initializer from 'file'. By leaving tp_new alone you can
+ still subclass 'file' (although its usefulness as a subclass is doubtful when
+ its tp_init is empty and that is what actually opens the file descriptor).
+ Created a new function, PyFile_UnsafeOpen() which is what the built-in open()
+ function is now set to. Also changed the bz2 module to use it.
+
+ Still need to decide how to handle subclasses of 'file' so they are not
+ totally useless (special function that calls the needed initializer on a
+ 'file' object?). Also need to come up with C API that opens files through
+ the built-in open() instead of doing it directly so as to not bypass
+ security.
+
* rev. 51392: Introduce objcap module to hold removed functions/methods. Begin
with moving object.__subclasses__().
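Review bot: the rev. 51656 entry names PyFile_UnsafeOpen() but does not say which callers are meant to use it, even though its second paragraph acknowledges that C code opening files directly bypasses security. Suggest stating in the first paragraph that the function performs no security check and that its current callers are the built-in open() and the bz2 module, so that anyone reading BRANCHNEWS knows not to call it from new C code while the open()-based C API is still undecided. The parenthetical about subclasses could also say what a 'file' subclass instance does now that tp_init is empty and no file descriptor is opened, since that is the behaviour a subclass author will run into.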
Modified: python/branches/bcannon-objcap/securing_python.txt
==============================================================================
--- python/branches/bcannon-objcap/securing_python.txt (original)
+++ python/branches/bcannon-objcap/securing_python.txt Thu Aug 31 00:05:48 2006
@@ -7,11 +7,11 @@
+ Remove object.__subclasses__ (`Mutable Shared State`_) [done]
+ Dangerous constructors (`Constructors`_)
- file
- * Create PyFile_InsecureOpen()
+ * Create PyFile_UnsafeOpen() [done]
* Switch current C-level uses of 'file' constructor to
- PyFile_InsecureOpen().
- + built-in open()
- + bz2 module
+ PyFile_UnsafeOpen(). [done]
+ + built-in open() [done]
+ + bz2 module [done]
* Create PyFile_Safe*() version of C API that goes through
open() built-in.
+ Convert C strings to Python objects and do a direct
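Review bot: the "[done]" on "Switch current C-level uses of 'file' constructor to PyFile_UnsafeOpen()." rests only on the two sub-items listed, built-in open() and the bz2 module. Suggest stating that these two are the complete set of C-level callers, or listing any that remain, so the status can be verified against the tree. The open question about subclasses of 'file' recorded in the BRANCHNEWS entry has no corresponding item in the lines shown here; consider adding one under "file" so it is tracked next to the PyFile_Safe*() work.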