Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IDLE: Don't run internal code in user namespace. #82259

Closed
terryjreedy opened this issue Sep 10, 2019 · 2 comments
Closed

IDLE: Don't run internal code in user namespace. #82259

terryjreedy opened this issue Sep 10, 2019 · 2 comments
Assignees
@terryjreedy
Labels
3.7 (EOL) end of life 3.8 only security fixes 3.9 only security fixes topic-IDLE type-bug An unexpected behavior, bug, or error

Comments

@terryjreedy
Copy link
Member

BPO 38078
Nosy @terryjreedy, @ZackerySpytz
PRs
  • bpo-38078: IDLE: Don't run internal code in the user namespace #20040
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/terryjreedy'
closed_at = <Date 2021-02-01.22:30:00.900>
created_at = <Date 2019-09-10.01:37:51.204>
labels = ['3.8', 'expert-IDLE', 'type-bug', '3.7', '3.9']
title = "IDLE: Don't run internal code in user namespace."
updated_at = <Date 2021-02-01.22:30:00.900>
user = 'https://github.com/terryjreedy'

    bugs.python.org fields:

    activity = <Date 2021-02-01.22:30:00.900>
actor = 'terry.reedy'
assignee = 'terry.reedy'
closed = True
closed_date = <Date 2021-02-01.22:30:00.900>
closer = 'terry.reedy'
components = ['IDLE']
creation = <Date 2019-09-10.01:37:51.204>
creator = 'terry.reedy'
dependencies = []
files = []
hgrepos = []
issue_num = 38078
keywords = ['patch']
message_count = 2.0
messages = ['351562', '386119']
nosy_count = 2.0
nosy_names = ['terry.reedy', 'ZackerySpytz']
pr_nums = ['20040']
priority = 'normal'
resolution = 'rejected'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue38078'
versions = ['Python 3.7', 'Python 3.8', 'Python 3.9']
    @terryjreedy
    Copy link
    Member Author

    bpo-38077 fixed the bug of internal runcommand code not deleting 'argv' from the user namespace. This issue is about not running code there.

    When a subprocess is running, pyshell.ModifiedInterpreter.runcommand runs python code created by IDLE in locals == __main__.__dict__, the same as code enter by a user. This requires that the code carefully clean up after itself. I believe the same effect could by had more safely by exec-ing internal commands in the run module dict or a fresh temporary dict.

    Possible solution. In run.Executive.runcode, add 'user=True' to runcode signature, add 'if user else {}' to 'self.locals' arg, and add
    def runcommand(self, code):
    return self.runcode(code, user=False). Then replace 'runcode' with 'runcommand' in pyshell runcommand body.

    @terryjreedy terryjreedy added 3.7 (EOL) end of life 3.8 only security fixes 3.9 only security fixes labels Sep 10, 2019
    @terryjreedy terryjreedy self-assigned this Sep 10, 2019
    @terryjreedy terryjreedy added topic-IDLE type-bug An unexpected behavior, bug, or error labels Sep 10, 2019
    @terryjreedy
    Copy link
    Member Author

    Zachery, thank you for the PR to test. It turns out that the proposed change is more dangerous the the possible error it prevent. I could have easily missed the problem (not setting __file__, see PR).

    Before considering this again, I need to list ways to run user code with Python and what envivonment (cwd, path, dir() results. Then see what IDLE does in corresponding situations.

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees

    @terryjreedy terryjreedy

    Labels
    3.7 (EOL) end of life 3.8 only security fixes 3.9 only security fixes topic-IDLE type-bug An unexpected behavior, bug, or error
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    1 participant
    @terryjreedy