SF bug 533625 (Armin Rigo). rexec: potential security hole

If a rexec instance allows writing in the current directory (a common thing to do), there's a way to execute bogus bytecode. Fix this by not allowing imports from .pyc files (in a way that allows a site to configure things so that .pyc files *are* allowed, if writing is not allowed). I'll apply this to 2.2 and 2.1 too.
2025-08-30 13:38:43 +00:00 · 2002-05-31 21:12:53 +00:00 · 2002-05-31 21:12:53 +00:00 · 59b2a74c75
commit 59b2a74c75
parent 9788384d02
2 changed files with 23 additions and 1 deletions
--- a/Lib/rexec.py
+++ b/Lib/rexec.py
@ -22,6 +22,7 @@ import sys
 import __builtin__
 import os
 import ihooks
+import imp

 __all__ = ["RExec"]

@ -83,6 +84,9 @@ class RHooks(ihooks.Hooks):
        # Called by RExec instance to complete initialization
        self.rexec = rexec

+    def get_suffixes(self):
+        return self.rexec.get_suffixes()
+
    def is_builtin(self, name):
        return self.rexec.is_builtin(name)

@ -144,6 +148,8 @@ class RExec(ihooks._Verbose):

    nok_builtin_names = ('open', 'file', 'reload', '__import__')

+    ok_file_types = (imp.C_EXTENSION, imp.PY_SOURCE)
+
    def __init__(self, hooks = None, verbose = 0):
        """Returns an instance of the RExec class.

@ -203,7 +209,6 @@ class RExec(ihooks._Verbose):
        if sys.modules.has_key(name):
            src = sys.modules[name]
        else:
-            import imp
            src = imp.load_dynamic(name, filename, file)
        dst = self.copy_except(src, [])
        return dst
@ -214,6 +219,11 @@ class RExec(ihooks._Verbose):

    # Helpers for RHooks

+    def get_suffixes(self):
+        return [item   # (suff, mode, type)
+                for item in imp.get_suffixes()
+                if item[2] in self.ok_file_types]
+
    def is_builtin(self, mname):
        return mname in self.ok_builtin_modules