Issue 59: [PATCH] sandbox.py replaces builtin type file with builtin function open - Setuptools tracker

Title	[PATCH] sandbox.py replaces builtin type file with builtin function open
Priority	critical	Status	resolved
Superseder		Nosy List	pje, pjenvey
Assigned To	pje	Keywords

Created on 2009-02-14.01:10:15 by pjenvey, last changed 2009-10-19.19:13:31 by pje.

Files
File name	Uploaded	Type	Edit	Remove
builtin_file-r66750.diff	pjenvey, 2009-02-14.01:10:14	text/plain

Messages
msg413 (view)	Author: pje	Date: 2009-10-19.19:13:31
setuptools 0.6c10 is released with a fix for this issue.
msg366 (view)	Author: pje	Date: 2009-10-10.19:19:13
This patch introduces a new hole: the file() builtin will be allowed to bypass the sandbox. I'm implementing a replacement that will work prevent this.
msg236 (view)	Author: pjenvey	Date: 2009-02-14.01:10:14
builtin open changed from an alias to the file type to a function in Python 2.5. sandbox.py assumes file is open when replacing/restoring the two with sandboxed versions Attached is a patch that removes that hardcoding Prioritized as critical, this is evil!

History
Date	User	Action	Args
2009-10-19 19:13:31	pje	set	status: in-progress -> resolved messages: + msg413
2009-10-10 23:36:50	pje	set	status: chatting -> in-progress
2009-10-10 19:19:13	pje	set	status: unread -> chatting messages: + msg366
2009-02-14 01:10:15	pjenvey	create