1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
From 4f78b080b4cb51b3d3ea4453333ef83ebdc3590e Mon Sep 17 00:00:00 2001
From: Thomas Liske <thomas@fiasko-nw.net>
Date: Sun, 3 Nov 2024 19:50:31 +0100
Subject: [PATCH 4/5] interp: chdir into empty directory to prevent python
parsing arbitrary files
---
perl/lib/NeedRestart/Interp/Python.pm | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/perl/lib/NeedRestart/Interp/Python.pm
+++ b/perl/lib/NeedRestart/Interp/Python.pm
@@ -29,11 +29,13 @@ use warnings;
use parent qw(NeedRestart::Interp);
use Cwd qw(abs_path getcwd);
+use File::Temp qw(tempdir);
use Getopt::Std;
use NeedRestart qw(:interp);
use NeedRestart::Utils;
my $LOGPREF = '[Python]';
+my $empty_dir;
needrestart_interp_register(__PACKAGE__);
@@ -79,6 +81,14 @@ sub _scan($$$$$) {
}
}
+# chdir into empty directory to prevent python parsing arbitrary files
+sub chdir_empty() {
+ unless(defined($empty_dir)) {
+ $empty_dir = tempdir(CLEANUP => 1);
+ }
+ chdir($empty_dir);
+}
+
sub source {
my $self = shift;
my $pid = shift;
@@ -185,6 +195,7 @@ sub files {
# use cached data if avail
if(exists($cache->{files}->{(__PACKAGE__)}->{$src})) {
+ chdir($cwd);
print STDERR "$LOGPREF #$pid: use cached file list\n" if($self->{debug});
return %{ $cache->{files}->{(__PACKAGE__)}->{$src} };
}
@@ -200,11 +211,13 @@ sub files {
}
# get include path from sys.path
+ chdir_empty();
my ($pyread, $pywrite) = nr_fork_pipe2($self->{debug}, $ptable->{exec}, '-');
print $pywrite "import sys\nprint(sys.path)\n";
close($pywrite);
my ($path) = <$pyread>;
close($pyread);
+ chdir("/proc/$pid/root/$ptable->{cwd}");
# look for module source files
if(defined($path)) {
|
