This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author Antony.Lee
Recipients Antony.Lee, Jim.Jewett, Trundle, Yury.Selivanov, barry, benjamin.peterson, cvrebert, daniel.urban, eric.araujo, ethan.furman, gcbirzan, gvanrossum, jamesh, jwilk, ncoghlan, pitrou, yorik.sar
Date 2014-10-02.04:53:04
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1412225585.01.0.470072737898.issue12029@psf.upfronthosting.co.za>
In-reply-to
Content 
"it looks like all the avenues for arbitrary code execution while checking if an exception handler matches a thrown an exception are closed off."

This seems to be directly contradicted by your previous sentence: "the except clause accepts any expressions producing a tuple or BaseException instance".

e.g.

===

>>> def f(): raise AttributeError
... 
>>> try: raise IndexError
... except f(): raise KeyError
... 
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
IndexError

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 2, in <module>
  File "<stdin>", line 1, in f
AttributeError

===

(note that f() is evaluated only if the body of "try" actually raises)
History
Date User Action Args
2014-10-02 04:53:05Antony.Leesetrecipients: + Antony.Lee, gvanrossum, barry, jamesh, ncoghlan, pitrou, benjamin.peterson, jwilk, eric.araujo, Trundle, cvrebert, daniel.urban, yorik.sar, ethan.furman, Yury.Selivanov, Jim.Jewett, gcbirzan
2014-10-02 04:53:05Antony.Leesetmessageid: <1412225585.01.0.470072737898.issue12029@psf.upfronthosting.co.za>
2014-10-02 04:53:04Antony.Leelinkissue12029 messages
2014-10-02 04:53:04Antony.Leecreate