Backport (the relevant part of) rexec.py 1.41.

Address SF bug #577530: del __builtins__ breaks out of rexec Using the suggestion there: add_module() forces __builtin__ back; this fixes r_exec, r_eval, r_execfile. This does not mean that rexec is now considered safe! But for those willing to take the risk, it's safer than before. (Note that a safety analysis of the code module would be wise if you plan to use the interactive console for real -- I've only ever used it to play with restricted mode.)

Backport (the relevant part of) rexec.py 1.41.
Address SF bug #577530: del __builtins__ breaks out of rexec Using the suggestion there: add_module() forces __builtin__ back; this fixes r_exec, r_eval, r_execfile. This does not mean that rexec is now considered safe! But for those willing to take the risk, it's safer than before. (Note that a safety analysis of the code module would be wise if you plan to use the interactive console for real -- I've only ever used it to play with restricted mode.)
d412a12f · Guido van Rossum · 163262e3 · d412a12f
Kaydet (Commit) d412a12f authored Eyl 15, 2002 tarafından Guido van Rossum
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

rexec.py Lib/rexec.py +3 -3

No files found.
--- a/Lib/rexec.py
+++ b/Lib/rexec.py
@@ -288,9 +288,9 @@ class RExec(ihooks._Verbose):
    # Add a module -- return an existing module or create one

    def add_module(self, mname):
-        if self.modules.has_key(mname):
-            return self.modules[mname]
-        self.modules[mname] = m = self.hooks.new_module(mname)
+        m = self.modules.get(mname)
+        if m is None:
+            self.modules[mname] = m = self.hooks.new_module(mname)
        m.__builtins__ = self.modules['__builtin__']
        return m