classification
Title: Pdb._runscript should use io.open_code() instead of open()
Type: security Stage: resolved
Components: Library (Lib) Versions: Python 3.9, Python 3.8
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: Jason.Killen, miss-islington, plokmijnuhby, steve.dower
Priority: normal Keywords: patch

Created on 2019-11-06 16:05 by plokmijnuhby, last changed 2019-11-12 23:09 by miss-islington. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 17127 merged python-dev, 2019-11-12 15:34
PR 17135 merged miss-islington, 2019-11-12 22:48
Messages (5)
msg356145 - (view) Author: Dominic Littlewood (plokmijnuhby) * Date: 2019-11-06 16:05
Fairly obviously, if you're using something called _runscript you're probably trying to run some code. To do this it has to open the script as a file.

This is similar to two other issues I'm posting, but they're in different modules, so different bugs.
msg356264 - (view) Author: Jason Killen (Jason.Killen) * Date: 2019-11-08 21:02
I flipped through PEP 578 (Runtime Audit Hooks) and this seems like the type of situation that PEP 578 was trying to handle.  I've got a change that seems to be working and can provide a PR or whatever once I remember/read up on doing that.  (I'm a very seldom contributor and am more than happy to defer to those that know more than me.)
msg356500 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2019-11-12 22:42
New changeset d593881505c1f4acfd17f41312b27cc898451816 by Steve Dower (jsnklln) in branch 'master':
bpo-38723: Pdb._runscript should use io.open_code() instead of open() (GH-17127)
https://github.com/python/cpython/commit/d593881505c1f4acfd17f41312b27cc898451816
msg356502 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2019-11-12 22:49
Thanks for the PR!
msg356505 - (view) Author: miss-islington (miss-islington) Date: 2019-11-12 23:09
New changeset 0a8e7fde064c8fb6eb8e78752d4bcdab56643065 by Miss Islington (bot) in branch '3.8':
bpo-38723: Pdb._runscript should use io.open_code() instead of open() (GH-17127)
https://github.com/python/cpython/commit/0a8e7fde064c8fb6eb8e78752d4bcdab56643065
History
Date User Action Args
2019-11-12 23:09:11miss-islingtonsetnosy: + miss-islington
messages: + msg356505
2019-11-12 22:49:40steve.dowersetstatus: open -> closed
versions: + Python 3.8
messages: + msg356502

resolution: fixed
stage: patch review -> resolved
2019-11-12 22:48:48miss-islingtonsetpull_requests: + pull_request16645
2019-11-12 22:42:56steve.dowersetnosy: + steve.dower
messages: + msg356500
2019-11-12 15:34:44python-devsetkeywords: + patch
stage: patch review
pull_requests: + pull_request16635
2019-11-08 21:02:40Jason.Killensetnosy: + Jason.Killen
messages: + msg356264
2019-11-06 16:05:59plokmijnuhbysettype: security
components: + Library (Lib)
versions: + Python 3.9
2019-11-06 16:05:27plokmijnuhbycreate