[Checkins] [zopefoundation/zope.security] dceaae: Allow public access to CheckerPublic.__module__
GitHub
noreply at github.com
Wed Jan 8 15:09:23 CET 2014
Branch: refs/heads/master
Home: https://github.com/zopefoundation/zope.security
Commit: dceaae23490a5cb2c305246305e6b3a51c29d3a5
https://github.com/zopefoundation/zope.security/commit/dceaae23490a5cb2c305246305e6b3a51c29d3a5
Author: Marius Gedminas <marius at gedmin.as>
Date: 2014-01-08 (Wed, 08 Jan 2014)
Changed paths:
M src/zope/security/checker.py
Log Message:
-----------
Allow public access to CheckerPublic.__module__
Story time: when you pickle an object (call it obj) with a custom
__reduce__ method that returns a string, the pickle module assumes this
is a global and wants to know which module it came from.
It obviously tries obj.__module__ first, but if that raises
AttributeError, it has this insane fallback loop where it iterates over
sys.modules.items() and for each module (excepting only __main__) checks
if getattr(module, obj.__name__, None) is obj.
Before my change if you tried
>>> from zope.security.checker import CheckerPublic
>>> CheckerPublic.__module__
you'd get
ForbiddenAttribute: ('__module__', Global(CheckerPublic,zope.security.checker))
Until now it was just a silly inefficiency. But then six 1.5.0 was
released with an interesting change:
https://bitbucket.org/gutworth/six/commits/fc2decf405ea6bcd3226bb1b77069d2a2279e0b7
Now six puts these six.MovedModule() wrappers into sys.modules. When
you try to access their attributes, the wrappers try to import random
modules, including those that may not exist in your Python (_winreg on
Linux? _tkinter also is often split off into a separate OS package).
Boom: running zope.security's tests now fails in random ways:
https://bitbucket.org/gutworth/six/issue/54/dependency-on-optional-tkinter-gdbm
So let's make sure pickle doesn't need to iterate through
sys.modules.items() and avoid the issue, m'kay?
More information about the checkins
mailing list