summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJiri Denemark <jdenemar@redhat.com>2011-03-11 13:44:20 +0100
committerJiri Denemark <jdenemar@redhat.com>2011-03-14 12:37:19 +0100
commit0aa2b90fc0a9975221ae8f8e94df61bb788877bc (patch)
tree2c539db485706da855166fb2f5584754657c24c2
parentf9b0014ec10e3c031e0cdbd90ae9c2ba5698804e (diff)
downloadlibvirt-python-split-0aa2b90fc0a9975221ae8f8e94df61bb788877bc.tar.gz
libvirt-python-split-0aa2b90fc0a9975221ae8f8e94df61bb788877bc.tar.xz
libvirt-python-split-0aa2b90fc0a9975221ae8f8e94df61bb788877bc.zip
python: Use hardcoded python path in libvirt.pyv0.9.1v0.9.0CVE-2011-1486
This partially reverts (and fixes that part in a different way) commit e4384459c93e3e786aa483c7f077d1d22148f689, which replaced ``/usr/bin/python'' with ``/usr/bin/env python'' in all examples or scripts used during build to generate other files. However, python bindings module is compiled and linked against a specific python discovered or explicitly provided in configure phase. Thus libvirt.py, which is generated and installed into the system, should use the same python binary for which the module has been built. The hunk in Makefile.am replaces $(srcdir) with $(PYTHON), which might seem wrong but it is not. generator.py didn't use any of its command line arguments so passing $(srcdir) to it was redundant.
-rw-r--r--Makefile.am2
-rwxr-xr-xgenerator.py7
-rw-r--r--libvirt-override.py5
3 files changed, 7 insertions, 7 deletions
diff --git a/Makefile.am b/Makefile.am
index eda2866..432ad70 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -53,7 +53,7 @@ GENERATED= libvirt-export.c \
libvirt.py
generated.stamp: $(srcdir)/$(GENERATE) $(API_DESC)
- $(PYTHON) $(srcdir)/$(GENERATE) $(srcdir)
+ $(PYTHON) $(srcdir)/$(GENERATE) $(PYTHON)
touch $@
$(GENERATED): generated.stamp
diff --git a/generator.py b/generator.py
index 6f4bb40..4fa4f65 100755
--- a/generator.py
+++ b/generator.py
@@ -14,6 +14,11 @@ import re
if __name__ == "__main__":
# launched as a script
srcPref = os.path.dirname(sys.argv[0])
+ if len(sys.argv) > 1:
+ python = sys.argv[1]
+ else:
+ print "Python binary not specified"
+ sys.exit(1)
else:
# imported
srcPref = os.path.dirname(__file__)
@@ -1012,7 +1017,7 @@ def buildWrappers():
classes = open("libvirt.py", "w")
extra = open(os.path.join(srcPref,"libvirt-override.py"), "r")
- classes.write("#!/usr/bin/env python\n")
+ classes.write("#! " + python + " -i\n")
classes.write("#\n")
classes.write("# WARNING WARNING WARNING WARNING\n")
classes.write("#\n")
diff --git a/libvirt-override.py b/libvirt-override.py
index 909ebe3..d544a0e 100644
--- a/libvirt-override.py
+++ b/libvirt-override.py
@@ -2,11 +2,6 @@
# Manually written part of python bindings for libvirt
#
-# Specify -i commandline option after python was started
-if __name__ == "__main__":
- import os
- os.environ["PYTHONINSPECT"] = "1"
-
# On cygwin, the DLL is called cygvirtmod.dll
try:
import libvirtmod