Fixed not allowing ``os.open()`` of paths outside the sandbox, even if they

are opened read-only (e.g. reading ``/dev/urandom`` for random numbers, as
is done by ``os.urandom()`` on some platforms).
(backport from trunk)

--HG--
branch : setuptools-0.6
extra : convert_revision : svn%3A6015fed2-1504-0410-9fe1-9d1591cc4771/sandbox/branches/setuptools-0.6%4052438

EasyInstall.txt

@@ -1265,6 +1265,10 @@ Release Notes/Change History
  * Allow explicit selection of Sourceforge mirror(s) with ``--sf-mirror``, and
    further refine download/retry algorithm.
 
+ * Fixed not allowing ``os.open()`` of paths outside the sandbox, even if they
+   are opened read-only (e.g. reading ``/dev/urandom`` for random numbers, as
+   is done by ``os.urandom()`` on some platforms).
+
 0.6c3
  * You once again use "python -m easy_install" with Python 2.4 and above.
 

setuptools/sandbox.py

-import os, sys, __builtin__, tempfile
+import os, sys, __builtin__, tempfile, operator
 _os = sys.modules[os.name]
 _open = open
 from distutils.errors import DistutilsError
@@ -187,6 +187,21 @@ class DirectorySandbox(AbstractSandbox):
             self._violation(operation, src, dst, *args, **kw)
         return (src,dst)
 
+    def open(self, file, flags, mode=0777):
+        """Called for low-level os.open()"""
+        if flags & WRITE_FLAGS:
+            self._violation("open", file, flags, mode)
+        return _os.open(file,flags,mode)
+
+
+WRITE_FLAGS = reduce(
+    operator.or_,
+    [getattr(_os, a, 0) for a in
+        "O_WRONLY O_RDWR O_APPEND O_CREAT O_TRUNC O_TEMPORARY".split()]
+)
+
+
+
 
 class SandboxViolation(DistutilsError):
     """A setup script attempted to modify the filesystem outside the sandbox"""
@@ -203,3 +218,29 @@ script by hand.  Please inform the package's author and the EasyInstall
 maintainers to find out if a fix or workaround is available.""" % self.args
 
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#