diff options
| author | PJ Eby <distutils-sig@python.org> | 2005-05-30 23:20:34 +0000 | 
|---|---|---|
| committer | PJ Eby <distutils-sig@python.org> | 2005-05-30 23:20:34 +0000 | 
| commit | cbed7738a2cc7b1aad9b4d23e79ab8ba6d3c5571 (patch) | |
| tree | cc2b002fe10d940c75492bac04ebf2a2894e74b2 /easy_install.py | |
| parent | d96eeb6caa6497190497904012fccadedbc6f54c (diff) | |
| download | python-setuptools-bitbucket-cbed7738a2cc7b1aad9b4d23e79ab8ba6d3c5571.tar.gz | |
Add setup script "sandboxing" -- abort a setup script if it tries to write
to the filesystem outside of the installer's temporary directory.  This is
accomplished by temporarily replacing 'os.*' functions and the 'open'
builtin with path-validation wrappers.
Diffstat (limited to 'easy_install.py')
| -rwxr-xr-x | easy_install.py | 180 | 
1 files changed, 172 insertions, 8 deletions
| diff --git a/easy_install.py b/easy_install.py index 8b03ce82..a3c9b048 100755 --- a/easy_install.py +++ b/easy_install.py @@ -154,12 +154,12 @@ Options  """  import sys, os.path, pkg_resources, re, zipimport, zipfile, tarfile, shutil -import urlparse, urllib, tempfile +import urlparse, urllib, tempfile, __builtin__  from distutils.sysconfig import get_python_lib  from shutil import rmtree   # must have, because it can be called from __del__  from pkg_resources import * - - +_os = sys.modules[os.name] +_open = open  class Installer: @@ -337,8 +337,11 @@ class Installer:              try:                  sys.argv[:] = [setup_script, '-q', 'bdist_egg']                  sys.path.insert(0,os.getcwd()) -                execfile(setup_script, -                    {'__file__':setup_script, '__name__':'__main__'} +                DirectorySandbox(self.tmpdir).run( +                    lambda: execfile( +                        setup_script, +                        {'__file__':setup_script, '__name__':'__main__'} +                    )                  )              except SystemExit, v:                  if v.args and v.args[0]: @@ -364,9 +367,6 @@ class Installer: - - -      def install_egg(self, egg_path, zip_ok):          destination = os.path.join(self.instdir, os.path.basename(egg_path)) @@ -531,6 +531,170 @@ class Installer: +class AbstractSandbox: +    """Wrap 'os' module and 'open()' builtin for virtualizing setup scripts""" + +    _active = False + +    def __init__(self): +        self._attrs = [ +            name for name in dir(_os) +                if not name.startswith('_') and hasattr(self,name) +        ] + +    def _copy(self, source): +        for name in self._attrs: +            setattr(os, name, getattr(source,name)) + +    def run(self, func): +        """Run 'func' under os sandboxing""" +        try: +            self._copy(self) +            __builtin__.open = __builtin__.file = self._open +            self._active = True +            return func() +        finally: +            self._active = False +            __builtin__.open = __builtin__.file = _open +            self._copy(_os) + + +    def _mk_dual_path_wrapper(name): +        original = getattr(_os,name) +        def wrap(self,src,dst,*args,**kw): +            if self._active: +                src,dst = self._remap_pair(name,src,dst,*args,**kw) +            return original(src,dst,*args,**kw) +        return wrap + + +    for name in ["rename", "link", "symlink"]: +        if hasattr(_os,name): locals()[name] = _mk_dual_path_wrapper(name) + + +    def _mk_single_path_wrapper(name, original=None): +        original = original or getattr(_os,name) +        def wrap(self,path,*args,**kw): +            if self._active: +                path = self._remap_input(name,path,*args,**kw) +            return original(path,*args,**kw) +        return wrap + +    _open = _mk_single_path_wrapper('file', _open) +    for name in [ +        "stat", "listdir", "chdir", "open", "chmod", "chown", "mkdir", +        "remove", "unlink", "rmdir", "utime", "lchown", "chroot", "lstat", +        "startfile", "mkfifo", "mknod", "pathconf", "access" +    ]: +        if hasattr(_os,name): locals()[name] = _mk_single_path_wrapper(name) + + +    def _mk_single_with_return(name): +        original = getattr(_os,name) +        def wrap(self,path,*args,**kw): +            if self._active: +                path = self._remap_input(name,path,*args,**kw) +                return self._remap_output(name, original(path,*args,**kw)) +            return original(path,*args,**kw) +        return wrap + +    for name in ['readlink', 'tempnam']: +        if hasattr(_os,name): locals()[name] = _mk_single_with_return(name) + +    def _mk_query(name): +        original = getattr(_os,name) +        def wrap(self,*args,**kw): +            retval = original(*args,**kw) +            if self._active: +                return self._remap_output(name, retval) +            return retval +        return wrap + +    for name in ['getcwd', 'tmpnam']: +        if hasattr(_os,name): locals()[name] = _mk_query(name) + +    def _validate_path(self,path): +        """Called to remap or validate any path, whether input or output""" +        return path + +    def _remap_input(self,operation,path,*args,**kw): +        """Called for path inputs""" +        return self._validate_path(path) + +    def _remap_output(self,operation,path): +        """Called for path outputs""" +        return self._validate_path(path) + +    def _remap_pair(self,operation,src,dst,*args,**kw): +        """Called for path pairs like rename, link, and symlink operations""" +        return ( +            self._remap_input(operation+'-from',src,*args,**kw), +            self._remap_input(operation+'-to',dst,*args,**kw) +        ) + + +class DirectorySandbox(AbstractSandbox): +    """Restrict operations to a single subdirectory - pseudo-chroot""" + +    write_ops = dict.fromkeys([ +        "open", "chmod", "chown", "mkdir", "remove", "unlink", "rmdir", +        "utime", "lchown", "chroot", "mkfifo", "mknod", "tempnam", +    ]) + +    def __init__(self,sandbox): +        self._sandbox = os.path.realpath(sandbox) +        self._prefix = os.path.join(self._sandbox,'') +        AbstractSandbox.__init__(self) + +    def _violation(self, operation, *args, **kw): +        raise SandboxViolation(operation, args, kw) + +    def _open(self, path, mode='r', *args, **kw): +        if mode not in ('r', 'rt', 'rb', 'rU') and not self._ok(path): +            self._violation("open", path, mode, *args, **kw) +        return _open(path,mode,*args,**kw) + +    def tmpnam(self): +        self._violation("tmpnam") + +    def _ok(self,path): +        active = self._active +        try: +            self._active = False +            realpath = os.path.realpath(path) +            if realpath==self._sandbox or realpath.startswith(self._prefix): +                return True +        finally: +            self._active = active + +    def _remap_input(self,operation,path,*args,**kw): +        """Called for path inputs""" +        if operation in self.write_ops and not self._ok(path): +            self._violation(operation, path, *args, **kw) +        return path + +    def _remap_pair(self,operation,src,dst,*args,**kw): +        """Called for path pairs like rename, link, and symlink operations""" +        if not self._ok(src) or not self._ok(dst): +            self._violation(operation, src, dst, *args, **kw) +        return (src,dst) + + +class SandboxViolation(RuntimeError): +    """A setup script attempted to modify the filesystem outside the sandbox""" + +    def __str__(self): +        return """SandboxViolation: %s%r %s + +The package setup script has attempted to modify files on your system +that are not within the EasyInstall build area, and has been aborted. + +This package cannot be safely installed by EasyInstall, and may not +support alternate installation locations even if you run its setup +script by hand.  Please inform the package's author and the EasyInstall +maintainers to find out if a fix or workaround is available.""" % self.args + +  class PthDistributions(AvailableDistributions):      """A .pth file with Distribution paths in it""" | 
