fix a hole in sandboxing allowing builtin file to write outside of the sandbox

--HG-- branch : distribute extra : rebase_source : 5ff181b30f41080ec0e0628c96abf270ffe1a730

fix a hole in sandboxing allowing builtin file to write outside of the sandbox
--HG-- branch : distribute extra : rebase_source : 5ff181b30f41080ec0e0628c96abf270ffe1a730
7ed4be90 · Philip Jenvey · 568eb8de · 7ed4be90 · 7ed4be90
Commit 7ed4be90 authored Oct 12, 2009 by Philip Jenvey
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

CHANGES.txt CHANGES.txt +2 -0

setuptools/sandbox.py setuptools/sandbox.py +6 -0

No files found.
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -6,6 +6,8 @@ CHANGES
 0.6.5
 -----

+* Fixed a hole in sandboxing allowing builtin file to write outside of
+  the sandbox.

 -----
 0.6.4

--- a/setuptools/sandbox.py
+++ b/setuptools/sandbox.py
@@ -168,6 +168,12 @@ class DirectorySandbox(AbstractSandbox):
    def _violation(self, operation, *args, **kw):
        raise SandboxViolation(operation, args, kw)

+    if _file:
+        def _file(self, path, mode='r', *args, **kw):
+            if mode not in ('r', 'rt', 'rb', 'rU', 'U') and not self._ok(path):
+                self._violation("file", path, mode, *args, **kw)
+            return _file(path,mode,*args,**kw)
+
    def _open(self, path, mode='r', *args, **kw):
        if mode not in ('r', 'rt', 'rb', 'rU', 'U') and not self._ok(path):
            self._violation("open", path, mode, *args, **kw)