Message11484
Logged In: YES
user_id=6380
I find it hard to believe that putting __builtins__ back
once per r_exec() call would be sufficient.
What if someone wrote "del __builtins__; import socket" ?
Backporting to 2.1 sounds like giving people a false sense
of security. If there's a message to be gotten out, it is
"don't trust rexec". This fix doesn't make me more confident
but less (even if applied).

Date | User | Action | Args
2007-08-23 14:02:49 | admin | link | issue577530 messages
2007-08-23 14:02:49 | admin | create |