Message 1573 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	arigo
Recipients
Date	2004-06-29.10:36:31
SpamBayes Score
Marked as misclassified
Message-id
In-reply-to

Content
Logged In: YES user_id=4771 Doing the type check in exec and execfile() but not in eval() is not something that seems particularly useful to me. Any program can be written as an expression in Python if you are crazy enough to do that... So it doesn't offer any extra security to be more strict in exec than in eval(). People who really want to do it would have to go through incredible pain just to work around the type check. For the implications, I believe it is sufficient (and necessary) to carefully review all usages of f_locals throughout the code, and document f_locals as no longer necessary a dictionary for those extension writers that would have used this fact.

Logged In: YES 
user_id=4771

Doing the type check in exec and execfile() but not in
eval() is not something that seems particularly useful to
me.  Any program can be written as an expression in Python
if you are crazy enough to do that...  So it doesn't offer
any extra security to be more strict in exec than in eval().
 People who really want to do it would have to go through
incredible pain just to work around the type check.

For the implications, I believe it is sufficient (and
necessary) to carefully review all usages of f_locals
throughout the code, and document f_locals as no longer
necessary a dictionary for those extension writers that
would have used this fact.

History
Date	User	Action	Args
2007-08-23 13:50:45	admin	link	issue215126 messages
2007-08-23 13:50:45	admin	create