[Python-bugs-list] [ python-Bugs-404545 ] frozen package import uses wrong files (original) (raw)

noreply@sourceforge.net noreply@sourceforge.net
Thu, 18 Oct 2001 11:52:46 -0700

Bugs item #404545, was opened at 2001-02-27 02:18 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=105470&aid=404545&group_id=5470

Category: Python Interpreter Core Group: None

Status: Closed Resolution: Fixed Priority: 2 Submitted By: Toby Dickenson (htrd) Assigned to: Guido van Rossum (gvanrossum) Summary: frozen package import uses wrong files

Initial Comment: In a frozen package, importing a module from another package causes the import machinery to try to open some curiously named files, before finally finding the frozen data.

It is possible to 'break' a frozen program by creating a file of that name. The frozen program will try to import from it rather than the frozen data.

The following collection of modules demonstrates this (also in the attached zip):

Directory of D:\Projects\import

2001-02-27 08:57 11 b.n.py 2001-02-27 08:49 10 x.py 2 File(s) 21 bytes

Directory of D:\Projects\import\a

2001-02-27 08:57 27 m.py 2001-02-27 09:58 0 init.py 2 File(s) 27 bytes

Directory of D:\Projects\import\b

2001-02-27 08:56 11 n.py 2001-02-27 09:58 0 init.py 2 File(s) 11 bytes

 Total Files Listed:
           6 File(s)             59 bytes
           0 Dir(s)   1,485,537,280 bytes free

The 'real' program is made up of the three files with single character names plus the two init files.

b.n.py is a rogue file that breaks a frozen program.

x.py contains "import a.m"

a/m.py contains "import b.n". This is the import that goes wrong. When run as a normal script it imports b/n.py.

However, a frozen binary appears to search for various a.b.* files over sys.path first. If it is run from the same directory as a.b.py then it will load that file instead. Note that this file is not included in the freeze.

Comment By: Guido van Rossum (gvanrossum) Date: 2001-10-18 11:52

Message: Logged In: YES user_id=6380

This is now fixed by patch #416704 which is checked in.

Comment By: Toby Dickenson (htrd) Date: 2001-04-17 07:30

Message: Logged In: YES user_id=46460

Fix for this (and several other ways to break a frozen program) are in patch #416704

Comment By: Guido van Rossum (gvanrossum) Date: 2001-03-23 10:09

Message: Logged In: YES user_id=6380

Note, I tried this on Linux, and I couldn't reproduce it.

What Python version were you using?

Comment By: Guido van Rossum (gvanrossum) Date: 2001-03-20 11:43

Message: Logged In: YES user_id=6380

I agree this is a bug.

I think there are lots of other ways to break frozen programs, so I don't think this is a high priority security bug.

I wish I had more time to research this, but I don't, so I'll give this a low priority. If someone submits a patch, I'd be grateful!

You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=105470&aid=404545&group_id=5470