-rw-r--r--CHANGES.txt2
-rwxr-xr-xsetuptools/sandbox.py6
2 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 21624f32..4c16f37a 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -6,6 +6,8 @@ CHANGES
0.6.5
-----
+* Fixed a hole in sandboxing allowing builtin file to write outside of
+ the sandbox.
-----
0.6.4
diff --git a/setuptools/sandbox.py b/setuptools/sandbox.py
index 67cedde6..7b487833 100755
--- a/setuptools/sandbox.py
+++ b/setuptools/sandbox.py
@@ -168,6 +168,12 @@ class DirectorySandbox(AbstractSandbox):
def _violation(self, operation, *args, **kw):
raise SandboxViolation(operation, args, kw)
+ if _file:
+ def _file(self, path, mode='r', *args, **kw):
+ if mode not in ('r', 'rt', 'rb', 'rU', 'U') and not self._ok(path):
+ self._violation("file", path, mode, *args, **kw)
+ return _file(path,mode,*args,**kw)
+
def _open(self, path, mode='r', *args, **kw):
if mode not in ('r', 'rt', 'rb', 'rU', 'U') and not self._ok(path):
self._violation("open", path, mode, *args, **kw)
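Review bot: The read-only mode tuple in the new `_file` check is a second hand-written copy of the one in `_open`, and because this list decides whether a path must pass `_ok`, the two copies should not be able to drift apart. I would hoist it to a single class attribute, e.g. `_READ_ONLY_MODES = ('r', 'rt', 'rb', 'rU', 'U')`, and test `mode not in self._READ_ONLY_MODES` in both methods. The `return _file(path,mode,*args,**kw)` line also deserves a comment such as `# _file here is the module-level name (presumably the saved builtin), not this method`, since the method and the global it wraps share a name. The diffstat lists only CHANGES.txt and sandbox.py, so the fix appears to land without a regression test asserting that a write-mode `file()` call on a path outside the sandbox raises SandboxViolation. `_open`'s body continues past the end of the hunk.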