Backport (the relevant part of) rexec.py 1.41.

Address SF bug #577530: del __builtins__ breaks out of rexec

Using the suggestion there: add_module() forces __builtin__ back; this
fixes r_exec, r_eval, r_execfile.

This does not mean that rexec is now considered safe!  But for those
willing to take the risk, it's safer than before.  (Note that a safety
analysis of the code module would be wise if you plan to use the
interactive console for real -- I've only ever used it to play with
restricted mode.)

diff --git a/Lib/rexec.py b/Lib/rexec.py
index 04ff405fcf0e0a2be284af34bd4da9272ad4dfdc..0966d1278935230a8c4589c231f29b3ea58f57a4 100644 (file)
--- a/Lib/rexec.py
+++ b/Lib/rexec.py
@@ -288,9 +288,9 @@ class RExec(ihooks._Verbose):
     # Add a module -- return an existing module or create one
 
     def add_module(self, mname):
-        if self.modules.has_key(mname):
-            return self.modules[mname]
-        self.modules[mname] = m = self.hooks.new_module(mname)
+        m = self.modules.get(mname)
+        if m is None:
+            self.modules[mname] = m = self.hooks.new_module(mname)
         m.__builtins__ = self.modules['__builtin__']
         return m