2 files changed, 46 insertions, 1 deletions

diff --git a/EasyInstall.txt b/EasyInstall.txt
index f6501628..66b0b190 100755
--- a/EasyInstall.txt
+++ b/EasyInstall.txt
@@ -1265,6 +1265,10 @@ Release Notes/Change History
  * Allow explicit selection of Sourceforge mirror(s) with ``--sf-mirror``, and
    further refine download/retry algorithm.
 
+ * Fixed not allowing ``os.open()`` of paths outside the sandbox, even if they
+   are opened read-only (e.g. reading ``/dev/urandom`` for random numbers, as
+   is done by ``os.urandom()`` on some platforms).
+
 0.6c3
  * You once again use "python -m easy_install" with Python 2.4 and above.
 
diff --git a/setuptools/sandbox.py b/setuptools/sandbox.py
index d4131e62..3874a4f9 100755
--- a/setuptools/sandbox.py
+++ b/setuptools/sandbox.py
@@ -1,4 +1,4 @@
-import os, sys, __builtin__, tempfile
+import os, sys, __builtin__, tempfile, operator
 _os = sys.modules[os.name]
 _open = open
 from distutils.errors import DistutilsError
@@ -187,6 +187,21 @@ class DirectorySandbox(AbstractSandbox):
             self._violation(operation, src, dst, *args, **kw)
         return (src,dst)
 
+    def open(self, file, flags, mode=0777):
+        """Called for low-level os.open()"""
+        if flags & WRITE_FLAGS:
+            self._violation("open", file, flags, mode)
+        return _os.open(file,flags,mode)
+
+
+WRITE_FLAGS = reduce(
+    operator.or_,
+    [getattr(_os, a, 0) for a in
+        "O_WRONLY O_RDWR O_APPEND O_CREAT O_TRUNC O_TEMPORARY".split()]
+)
+
+
+
 
 class SandboxViolation(DistutilsError):
     """A setup script attempted to modify the filesystem outside the sandbox"""
@@ -203,3 +218,29 @@ script by hand.  Please inform the package's author and the EasyInstall
 maintainers to find out if a fix or workaround is available.""" % self.args
 
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#