[Python-checkins] r52010 - in python/branches/bcannon-objcap: Lib/test/test_interpreter.py securing_python.txt
brett.cannon
python-checkins at python.org
Tue Sep 26 22:52:32 CEST 2006
Author: brett.cannon
Date: Tue Sep 26 22:52:32 2006
New Revision: 52010
Modified:
python/branches/bcannon-objcap/Lib/test/test_interpreter.py
python/branches/bcannon-objcap/securing_python.txt
Log:
Verified that exit() does not cause the entire process to exit.
Modified: python/branches/bcannon-objcap/Lib/test/test_interpreter.py
==============================================================================
--- python/branches/bcannon-objcap/Lib/test/test_interpreter.py (original)
+++ python/branches/bcannon-objcap/Lib/test/test_interpreter.py Tue Sep 26 22:52:32 2006
@@ -1,4 +1,4 @@
-""" Things to protect (and thus test) against:
+""" Things to protect (and thus test) against:
* Importing
+ built-ins
+ .pyc/.pyo
@@ -270,6 +270,8 @@
self.failUnlessRaises(RuntimeError, self.interp.execute,
"raise SystemExit")
self.failUnless(self.interp.exc_matches(SystemExit))
+ self.failUnlessRaises(RuntimeError, self.interp.execute, "exit()")
+ self.failUnless(self.interp.exc_matches(SystemExit))
def test_main():
Modified: python/branches/bcannon-objcap/securing_python.txt
==============================================================================
--- python/branches/bcannon-objcap/securing_python.txt (original)
+++ python/branches/bcannon-objcap/securing_python.txt Tue Sep 26 22:52:32 2006
@@ -20,7 +20,7 @@
- frame
* do not allow importing 'sys' module to get to
sys._getframe(), sys._current_frames(), or setting a trace
- or profile function.
+ or profile function. <critical>
- object() [done]
* Remove object.__subclasses__ (`Mutable Shared State`_) [done]
+ Sandboxed versions of built-ins (`Sanitizing Built-In Types`_)
@@ -34,8 +34,7 @@
* Just promote removal
- exit()
* Have SystemExit exit the process only if no other
- interpreters are running. <critical> [done]
- * XXX Safe?
+ interpreters are running. [done]
+ Filesystem path hiding (`Filesystem Information`_) <critical?>
+ Tweaked stdlib modules
- mini 'sys' module (`Making the ``sys`` Module Safe`_)
More information about the Python-checkins
mailing list