]> granicus.if.org Git - python/commit
projects / python / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9788384) | patch
SF bug 533625 (Armin Rigo). rexec: potential security hole
authorGuido van Rossum <guido@python.org>
Fri, 31 May 2002 21:12:53 +0000 (21:12 +0000)
committerGuido van Rossum <guido@python.org>
Fri, 31 May 2002 21:12:53 +0000 (21:12 +0000)
commit59b2a74c752578cb67b02b6966f283fd049f646a
tree0d22cefbca493f99f939e16753be892069b2ef94tree | snapshot
parent9788384d02a21982bbbdfc97dc95d5502bad1f42commit | diff
SF bug 533625 (Armin Rigo). rexec: potential security hole

If a rexec instance allows writing in the current directory (a common
thing to do), there's a way to execute bogus bytecode.  Fix this by
not allowing imports from .pyc files (in a way that allows a site to
configure things so that .pyc files *are* allowed, if writing is not
allowed).

I'll apply this to 2.2 and 2.1 too.
Doc/lib/librexec.tex diff | blob | history
Lib/rexec.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.