[#636769] Fix for major rexec bugs
* Lib/rexec.py
(FileBase): Added 'xreadlines' and '__iter__' to allowed file methods.
(FileWrapper.__init__): Removed unnecessary self.f variable, which gave
direct access to the file object.
(RExec): Added 'xreadlines' and '_weakref' to allowed modules.
(RExec.r_open): Convert string subclasses to a real string classes
before doing comparisons with mode parameter.
* Lib/ihooks.py
(BasicModuleImporter.import_module/reload/unload): Convert the module
name to a real string before working with it.
(ModuleImporter.import_module/import_it/reload): Convert the module
name to a real strings before working with it.
* Misc/NEWS
Document the change.
Using the suggestion there: add_module() forces __builtin__ back; this
fixes r_exec, r_eval, r_execfile. The interactive console had to be
fixed separately, because it doesn't use r_exec, but relies on the
'locals' dict having the right __builtins__. Fixed this by
subclassing InteractiveConsole and overriding runcode(), which does
the exec. This changes the banner output slightly: instead of
starting with *** RESTRICTED ***, a subtler (RestrictedConsole) is
printed before the first >>> prompt.
Also import readline (if it exists) when the interactive console is
used, for more convenient input editing and history.
This does not mean that rexec is now considered safe! But for those
willing to take the risk, it's safer than before. (Note that a safety
analysis of the code module would be wise if you plan to use the
interactive console for real -- I've only ever used it to play with
restricted mode.)
This should be backported to 2.2 and 2.1.
If a rexec instance allows writing in the current directory (a common
thing to do), there's a way to execute bogus bytecode. Fix this by
not allowing imports from .pyc files (in a way that allows a site to
configure things so that .pyc files *are* allowed, if writing is not
allowed).
I'll apply this to 2.2 and 2.1 too.
just by doing type(f) where f is any file object. This left a hole in
restricted execution mode that rexec.py can't plug by itself (although it
can plug part of it; the rest is plugged in fileobject.c now).
