[issue42472] security hole in eval()
STINNER Victor
report at bugs.python.org
Thu Nov 26 10:01:19 EST 2020
STINNER Victor <vstinner at python.org> added the comment:
> The specification specifically allows for the restriction of access to globals via the second argument to eval.
The Python language reference doesn't provide any warranty like that.
https://docs.python.org/dev/library/functions.html#eval
I close the issue as "not as bug".
All previous attempts to "sandbox" Python code in Python have failed. The correct way is to run Python in a sandbox. Not the opposite.
> https://lwn.net/Articles/574215/
This one was my attempt for example ;-)
----------
resolution: -> not a bug
stage: -> resolved
status: open -> closed
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42472>
_______________________________________
More information about the Python-bugs-list
mailing list