From 4f78b080b4cb51b3d3ea4453333ef83ebdc3590e Mon Sep 17 00:00:00 2001
From: Thomas Liske <thomas@fiasko-nw.net>
Date: Sun, 3 Nov 2024 19:50:31 +0100
Subject: [PATCH 4/5] interp: chdir into empty directory to prevent python
 parsing arbitrary files

---
 perl/lib/NeedRestart/Interp/Python.pm | 13 +++++++++++++
 1 file changed, 13 insertions(+)

--- a/perl/lib/NeedRestart/Interp/Python.pm
+++ b/perl/lib/NeedRestart/Interp/Python.pm
@@ -29,11 +29,13 @@ use warnings;
 
 use parent qw(NeedRestart::Interp);
 use Cwd qw(abs_path getcwd);
+use File::Temp qw(tempdir);
 use Getopt::Std;
 use NeedRestart qw(:interp);
 use NeedRestart::Utils;
 
 my $LOGPREF = '[Python]';
+my $empty_dir;
 
 needrestart_interp_register(__PACKAGE__);
 
@@ -79,6 +81,14 @@ sub _scan($$$$$) {
     }
 }
 
+# chdir into empty directory to prevent python parsing arbitrary files
+sub chdir_empty() {
+    unless(defined($empty_dir)) {
+        $empty_dir = tempdir(CLEANUP => 1);
+    }
+    chdir($empty_dir);
+}
+
 sub source {
     my $self = shift;
     my $pid = shift;
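Review bot: `chdir($empty_dir)` in `chdir_empty()` ignores its return value, so if the directory cannot be entered, the interpreter started in `files` still runs in the inspected process's working directory and the mitigation fails open without any sign. Make the helper fail closed, for example `chdir($empty_dir) or die "$LOGPREF chdir($empty_dir) failed: $!\n";`, or return the status and have `files` skip the process when it is false. The same unchecked pattern is in the added `chdir($cwd)` in the cached branch and in the restore `chdir("/proc/$pid/root/$ptable->{cwd}")` after the pipe is closed. A failed restore would leave the later lookups running in the temp directory. The empty prototype on `sub chdir_empty()` adds no argument checking and could be dropped.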
@@ -185,6 +195,7 @@ sub files {
 
     # use cached data if avail
     if(exists($cache->{files}->{(__PACKAGE__)}->{$src})) {
+	chdir($cwd);
 	print STDERR "$LOGPREF #$pid: use cached file list\n" if($self->{debug});
 	return %{ $cache->{files}->{(__PACKAGE__)}->{$src} };
     }
@@ -200,11 +211,13 @@ sub files {
     }
 
     # get include path from sys.path
+    chdir_empty();
     my ($pyread, $pywrite) = nr_fork_pipe2($self->{debug}, $ptable->{exec}, '-');
     print $pywrite "import sys\nprint(sys.path)\n";
     close($pywrite);
     my ($path) = <$pyread>;
     close($pyread);
+    chdir("/proc/$pid/root/$ptable->{cwd}");
 
     # look for module source files
     if(defined($path)) {
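Review bot: The `chdir_empty()` call before `nr_fork_pipe2(...)` has no comment saying why the working directory matters at this spot. With `-` the interpreter reads the script from stdin and puts the current directory first on its module search path, so the child must not start in the inspected process's cwd. A comment such as `# python - resolves imports against the cwd first, so start it from an empty directory` would keep a later refactor from moving or dropping the call. The restore line could likewise carry `# back to the process cwd for the relative lookups below`, if that is indeed what the following code relies on. `files` starts and ends outside this hunk.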
