Message 11484 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	gvanrossum
Recipients
Date	2002-08-17.20:01:57
SpamBayes Score
Marked as misclassified
Message-id
In-reply-to

Content
Logged In: YES user_id=6380 I find it hard to believe that putting __builtins__ back once per r_exec() call would be sufficient. What if someone wrote "del __builtins__; import socket" ? Backporting to 2.1 sounds like giving people a false sense of security. If there's a message to be gotten out, it is "don't trust rexec". This fix doesn't make me more confident but less (even if applied).

Logged In: YES 
user_id=6380

I find it hard to believe that putting __builtins__ back
once per r_exec() call would be sufficient.

What if someone wrote "del __builtins__; import socket" ?

Backporting to 2.1 sounds like giving people a false sense
of security. If there's a message to be gotten out, it is
"don't trust rexec". This fix doesn't make me more confident
but less (even if applied).

History
Date	User	Action	Args
2007-08-23 14:02:49	admin	link	issue577530 messages
2007-08-23 14:02:49	admin	create