gnumeric r17109 - in trunk: . plugins/python-loader



Author: jhellan
Date: Thu Jan 29 14:05:34 2009
New Revision: 17109
URL: http://svn.gnome.org/viewvc/gnumeric?rev=17109&view=rev

Log:
	* gnm-py-interpreter.c (gnm_py_interpreter_new): Work around
	security vulnerability in Python by making argv start with
	"/dev/null". #569648.


Modified:
   trunk/NEWS
   trunk/plugins/python-loader/ChangeLog
   trunk/plugins/python-loader/gnm-py-interpreter.c

Modified: trunk/NEWS
==============================================================================
--- trunk/NEWS	(original)
+++ trunk/NEWS	Thu Jan 29 14:05:34 2009
@@ -37,6 +37,9 @@
 	* Display top-left when selecting a rel ref to a merged region.
 	* Win32 fixed.
 
+Jon KÃre:
+        * Work around vulnerability in Python.  [#569648]
+
 Lutz Mueller:
 	* Enable drag of whole sheets to other applications.  [#523033]
 
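Review bot: The two added NEWS lines are indented with spaces, while the neighbouring entries (for example the item under "Lutz Mueller:") use a tab. Use a tab before "* Work around vulnerability in Python." so the file stays consistent. The entry would also be easier to trace if it named the affected component, as the log does (the python-loader plugin's argv).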

Modified: trunk/plugins/python-loader/gnm-py-interpreter.c
==============================================================================
--- trunk/plugins/python-loader/gnm-py-interpreter.c	(original)
+++ trunk/plugins/python-loader/gnm-py-interpreter.c	Thu Jan 29 14:05:34 2009
@@ -79,7 +79,7 @@
 		G_TYPE_NONE, 0);
 }
 
-static char *plugin_argv[] = {(char *) "gnumeric", NULL};
+static char *plugin_argv[] = {(char *) "/dev/null/python/is/buggy/gnumeric", NULL};
 
 GnmPyInterpreter *
 gnm_py_interpreter_new (GOPlugin *plugin)
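Review bot: The new argv[0] literal "/dev/null/python/is/buggy/gnumeric" carries no comment, so nothing in the code says that the odd path is deliberate or that it relates to #569648. A later cleanup could easily turn it back into "gnumeric". Add a short comment above plugin_argv stating that the leading "/dev/null" is the workaround, which part of the path matters, and the bug number.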
@@ -101,6 +101,7 @@
 	interpreter->plugin = plugin;
 
 	PySys_SetArgv (G_N_ELEMENTS (plugin_argv) - 1, plugin_argv);
+	PyRun_SimpleString("import sys; print sys.path");
 	py_initgnumeric (interpreter);
 
 	return interpreter;
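Review bot: The added PyRun_SimpleString("import sys; print sys.path"); looks like leftover debugging. It is not mentioned in the log, it prints sys.path every time gnm_py_interpreter_new runs, and its return value is ignored. Drop it, or put it behind a debug switch; if it stays, add the space before the parenthesis to match "PySys_SetArgv (" on the line above.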


