mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-04 17:08:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

Now that file objects are subclassable, you can get at the file constructor

Browse source 
just by doing type(f) where f is any file object.  This left a hole in
restricted execution mode that rexec.py can't plug by itself (although it
can plug part of it; the rest is plugged in fileobject.c now).
This commit is contained in:
Tim Peters 2001-09-13 21:01:29 +00:00
parent 561f899d19
commit 8fa45677c1
3 changed files with 52 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Objects/fileobject.c
View file

@ -92,6 +92,14 @@ open_the_file(PyFileObject *f, char *name, char *mode)
assert(name != NULL);
assert(mode != NULL);
/* rexec.py can't stop a user from getting the file() constructor --
all they have to do is get *any* file object f, and then do
type(f). Here we prevent them from doing damage with it. */
if (PyEval_GetRestricted()) {
PyErr_SetString(PyExc_IOError,
"file() constructor not accessible in restricted mode");
return NULL;
}
#ifdef HAVE_FOPENRF
if (*mode == '*') {
FILE *fopenRF();