Issue1199
Created on 2008-12-10.16:38:40 by ethan-10gen, last changed 2008-12-11.00:10:42 by pjenvey.
|
| msg3906 (view) |
Author: Ethan Glasser-Camp (ethan-10gen) |
Date: 2008-12-10.16:38:39 |
|
The zipimporter.zipimporter constructor does some path exploration to
find out if it was given a path that is "contained" in a zip file. Right
now if it gets the path:
/some/path/archive.zip/jython/modules/foo.py
It walks up this path looking for an object that is a regular file. So,
it tries:
/some/path/archive.zip/jython/modules/
/some/path/archive.zip/jython/
/some/path/archive.zip
And then stops, since it has found a regular file. However, for paths
that are not contained in zip files, such as this:
/some/path/to/a/project/jython/Lib/foo.py
It will walk up the directory hierarchy, but never find a regular file:
/some/path/to/a/project/jython/Lib/
/some/path/to/a/project/jython/
/some/path/to/a/project/
/some/path/to/a/project/
/some/path/to/a/
/some/path/to/
/some/path/
/some/
We're trying to sandbox Jython and so use the JVM SecurityManager to
prohibit access to most files -- as a result, this directory climbing is
inconvenient for us. It seems to me that if you find that the path is
not a regular file, but does exist, then it must not be contained in any
zip files, so you can bail immediately. Does this change sound OK?
|
| msg3909 (view) |
Author: Philip Jenvey (pjenvey) |
Date: 2008-12-10.23:01:51 |
|
good idea -- CPython does this, it was lost in translation
|
| msg3911 (view) |
Author: Philip Jenvey (pjenvey) |
Date: 2008-12-11.00:10:41 |
|
done in r5733, thanks
|
|
| Date |
User |
Action |
Args |
| 2008-12-11 00:10:42 | pjenvey | set | status: open -> closed
resolution: accepted -> fixed
messages:
+ msg3911 |
| 2008-12-10 23:01:52 | pjenvey | set | assignee: pjenvey
resolution: accepted
messages:
+ msg3909
nosy:
+ pjenvey |
| 2008-12-10 16:38:40 | ethan-10gen | create | |
|
