Backport (the relevant part of) rexec.py 1.41.

Address SF bug #577530: del __builtins__ breaks out of rexec

Using the suggestion there: add_module() forces __builtin__ back; this
fixes r_exec, r_eval, r_execfile.

This does not mean that rexec is now considered safe!  But for those
willing to take the risk, it's safer than before.  (Note that a safety
analysis of the code module would be wise if you plan to use the
interactive console for real -- I've only ever used it to play with
restricted mode.)

diff --git a/Lib/rexec.py b/Lib/rexec.py
index ccc53df03a25ad0b70e5f1fe2f5568c9b049cc38..5b39f9cf00f06331db9d9f77bf330d039d4efc46 100644 (file)
--- a/Lib/rexec.py
+++ b/Lib/rexec.py
@@ -261,9 +261,9 @@ class RExec(ihooks._Verbose):
     # Add a module -- return an existing module or create one
 
     def add_module(self, mname):
-        if self.modules.has_key(mname):
-            return self.modules[mname]
-        self.modules[mname] = m = self.hooks.new_module(mname)
+        m = self.modules.get(mname)
+        if m is None:
+            self.modules[mname] = m = self.hooks.new_module(mname)
         m.__builtins__ = self.modules['__builtin__']
         return m