[Bf-blender-cvs] SVN commit: /data/svn/bf-blender [16277] trunk/blender/source/gameengine/ Ketsji/KX_PythonInit.cpp: remove more python functions from builtins that could allow scripts to do bad stuff .

Campbell Barton ideasman42 at gmail.com
Thu Aug 28 07:45:20 CEST 2008


Revision: 16277
          http://projects.blender.org/plugins/scmsvn/viewcvs.php?view=rev&root=bf-blender&revision=16277
Author:   campbellbarton
Date:     2008-08-28 07:45:20 +0200 (Thu, 28 Aug 2008)

Log Message:
-----------
remove more python functions from builtins that could allow scripts to do bad stuff.  
- reload, file, execfile, compile
These are only removed when running in the higher security mode, which is not the default in Blender.

Modified Paths:
--------------
    trunk/blender/source/gameengine/Ketsji/KX_PythonInit.cpp

Modified: trunk/blender/source/gameengine/Ketsji/KX_PythonInit.cpp
===================================================================
--- trunk/blender/source/gameengine/Ketsji/KX_PythonInit.cpp	2008-08-27 19:38:51 UTC (rev 16276)
+++ trunk/blender/source/gameengine/Ketsji/KX_PythonInit.cpp	2008-08-28 05:45:20 UTC (rev 16277)
@@ -852,14 +852,31 @@
 // override builtin functions import() and open()
 
 
-PyObject *KXpy_open(PyObject *self, PyObject *args)
-{
+PyObject *KXpy_open(PyObject *self, PyObject *args) {
 	PyErr_SetString(PyExc_RuntimeError, "Sandbox: open() function disabled!\nGame Scripts should not use this function.");
 	return NULL;
 }
 
+PyObject *KXpy_reload(PyObject *self, PyObject *args) {
+	PyErr_SetString(PyExc_RuntimeError, "Sandbox: reload() function disabled!\nGame Scripts should not use this function.");
+	return NULL;
+}
 
+PyObject *KXpy_file(PyObject *self, PyObject *args) {
+	PyErr_SetString(PyExc_RuntimeError, "Sandbox: file() function disabled!\nGame Scripts should not use this function.");
+	return NULL;
+}
 
+PyObject *KXpy_execfile(PyObject *self, PyObject *args) {
+	PyErr_SetString(PyExc_RuntimeError, "Sandbox: execfile() function disabled!\nGame Scripts should not use this function.");
+	return NULL;
+}
+
+PyObject *KXpy_compile(PyObject *self, PyObject *args) {
+	PyErr_SetString(PyExc_RuntimeError, "Sandbox: compile() function disabled!\nGame Scripts should not use this function.");
+	return NULL;
+}
+
 PyObject *KXpy_import(PyObject *self, PyObject *args)
 {
 	char *name;
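Review bot: The new stubs `KXpy_reload`, `KXpy_file`, `KXpy_execfile` and `KXpy_compile` (like `KXpy_open`) only block a builtin by rebinding its name, so this is a denylist over `__builtin__` names rather than a sandbox boundary. Builtins that evaluate code, such as `eval`, are not among the names this commit covers, and whether they are handled elsewhere is not visible here. A comment above the stubs should say so, for example `// Name-level denylist only: blocks the listed builtins by name; it does not restrict other ways of evaluating or loading code.` The stubs also have external linkage although they appear to be used only through the `meth_*` tables in this file, so `static` would keep them out of the global namespace. `KXpy_import` continues past the end of the hunk.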
@@ -895,20 +912,14 @@
 }
 
 
+static PyMethodDef meth_open[] = {{ "open", KXpy_open, METH_VARARGS, "(disabled)"}};
+static PyMethodDef meth_reload[] = {{ "reload", KXpy_reload, METH_VARARGS, "(disabled)"}};
+static PyMethodDef meth_file[] = {{ "file", KXpy_file, METH_VARARGS, "(disabled)"}};
+static PyMethodDef meth_execfile[] = {{ "execfile", KXpy_execfile, METH_VARARGS, "(disabled)"}};
+static PyMethodDef meth_compile[] = {{ "compile", KXpy_compile, METH_VARARGS, "(disabled)"}};
 
-static PyMethodDef meth_open[] = {
-	{ "open", KXpy_open, METH_VARARGS,
-		"(disabled)"}
-};
+static PyMethodDef meth_import[] = {{ "import", KXpy_import, METH_VARARGS, "our own import"}};
 
-
-static PyMethodDef meth_import[] = {
-	{ "import", KXpy_import, METH_VARARGS,
-		"our own import"}
-};
-
-
-
 //static PyObject *g_oldopen = 0;
 //static PyObject *g_oldimport = 0;
 //static int g_security = 0;
@@ -918,15 +929,21 @@
 {
     PyObject *m = PyImport_AddModule("__builtin__");
     PyObject *d = PyModule_GetDict(m);
-	PyObject *meth = PyCFunction_New(meth_open, NULL);
 
 	switch (level) {
 	case psl_Highest:
 		//if (!g_security) {
 			//g_oldopen = PyDict_GetItemString(d, "open");
-			PyDict_SetItemString(d, "open", meth);
-			meth = PyCFunction_New(meth_import, NULL);
-			PyDict_SetItemString(d, "__import__", meth);
+	
+			// functions we cant trust
+			PyDict_SetItemString(d, "open", PyCFunction_New(meth_open, NULL));
+			PyDict_SetItemString(d, "reload", PyCFunction_New(meth_reload, NULL));
+			PyDict_SetItemString(d, "file", PyCFunction_New(meth_file, NULL));
+			PyDict_SetItemString(d, "execfile", PyCFunction_New(meth_execfile, NULL));
+			PyDict_SetItemString(d, "compile", PyCFunction_New(meth_compile, NULL));
+			
+			// our own import
+			PyDict_SetItemString(d, "__import__", PyCFunction_New(meth_import, NULL));
 			//g_security = level;
 		//}
 		break;
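Review bot: Each `PyCFunction_New(...)` result in the `psl_Highest` case is passed straight to `PyDict_SetItemString`, which takes its own reference rather than stealing one, so every installed override leaks a reference and a NULL from a failed allocation reaches the dict call unchecked. The return value of `PyDict_SetItemString` is ignored as well, so the overrides can end up partially installed with nothing reported, which is a fail-open outcome for a security control. I would route all six installs through one small helper that checks both calls and drops the temporary reference, and have the case report the first failure. The enclosing function starts outside the hunk, so how it should propagate the error to its caller is not visible here.

```cpp
// Installs one override into the builtins dict; returns 0 on success, -1 on failure.
static int kx_override_builtin(PyObject *d, const char *name, PyMethodDef *def)
{
	PyObject *meth = PyCFunction_New(def, NULL);
	if (meth == NULL)
		return -1;
	int rc = PyDict_SetItemString(d, name, meth);
	Py_DECREF(meth);	// the dict holds its own reference now
	return rc;
}

	// … unchanged: PyImport_AddModule / PyModule_GetDict, switch (level) …
	case psl_Highest:
		// functions we cant trust, plus our own import
		if (kx_override_builtin(d, "open", meth_open) < 0 ||
		    kx_override_builtin(d, "reload", meth_reload) < 0 ||
		    kx_override_builtin(d, "file", meth_file) < 0 ||
		    kx_override_builtin(d, "execfile", meth_execfile) < 0 ||
		    kx_override_builtin(d, "compile", meth_compile) < 0 ||
		    kx_override_builtin(d, "__import__", meth_import) < 0) {
			// an override is missing: report it rather than continue silently
			PyErr_Print();
		}
		break;
```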




