authorPhilip Jenvey <pjenvey@underboss.org>2009-10-12 14:47:40 -0700
committerPhilip Jenvey <pjenvey@underboss.org>2009-10-12 14:47:40 -0700
commit7ed4be906cc7195c4d15bdd7a8b2bfa8474cc6be (patch)
treee9992d69e8fe291bcee66933a5db5d1b97f2e6d9
parent568eb8dea7dc2eee2577f3181566247bb06abb73 (diff)
fix a hole in sandboxing allowing builtin file to write outside of the sandbox
--HG-- branch : distribute extra : rebase_source : 5ff181b30f41080ec0e0628c96abf270ffe1a730
-rw-r--r--CHANGES.txt2
-rwxr-xr-xsetuptools/sandbox.py6
2 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 21624f32..4c16f37a 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -6,6 +6,8 @@ CHANGES
0.6.5
-----
+* Fixed a hole in sandboxing allowing builtin file to write outside of
+ the sandbox.
-----
0.6.4
diff --git a/setuptools/sandbox.py b/setuptools/sandbox.py
index 67cedde6..7b487833 100755
--- a/setuptools/sandbox.py
+++ b/setuptools/sandbox.py
@@ -168,6 +168,12 @@ class DirectorySandbox(AbstractSandbox):
def _violation(self, operation, *args, **kw):
raise SandboxViolation(operation, args, kw)
+ if _file:
+ def _file(self, path, mode='r', *args, **kw):
+ if mode not in ('r', 'rt', 'rb', 'rU', 'U') and not self._ok(path):
+ self._violation("file", path, mode, *args, **kw)
+ return _file(path,mode,*args,**kw)
+
def _open(self, path, mode='r', *args, **kw):
if mode not in ('r', 'rt', 'rb', 'rU', 'U') and not self._ok(path):
self._violation("open", path, mode, *args, **kw)
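Review bot: The read-only mode tuple and the `mode not in (...) and not self._ok(path)` test in the new `_file` are a verbatim copy of the ones in `_open` just below, so a later edit to one wrapper can silently leave the other weaker, which appears to be the kind of gap this commit closes. Hoisting the tuple to a single class attribute, for example `_read_only_modes = ('r', 'rt', 'rb', 'rU', 'U')`, and testing `mode not in self._read_only_modes` in both methods keeps the two entry points in step. The class-body `if _file:` and the `_file(path,mode,*args,**kw)` call inside the method both resolve to a module-level `_file` that is not visible in this hunk, so a comment such as `# module-level _file is the saved builtin; falsy where that builtin does not exist` (to be confirmed against the top of the file) would help the next reader. The diffstat lists only CHANGES.txt and sandbox.py, so a regression test that attempts a write-mode `file()` call on a path outside the sandbox and expects `SandboxViolation` is worth adding. `_open`'s body continues past the end of the hunk.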