[Python-Dev] known obvious thing or bug (rexec)?

[Guido van Rossum]

> > Of course that assumes that the main features in the core are secure.
> > Samuele's observation that restricted code can modify a new-style
> > class passed in belies that.
> 
> How that would affect Python itself, if no rexec module was offered? He
> wouldn't even notice that this problem was there, unless he was using
> the "python-rexec" external module. Even then, he would have reported
> this as a bug in "python-rexec", not in Python itself.

I was assuming that even if you're not using the rexec module, you're
using *some* way to execute untrusted Python code.  If that untrusted
Python code is given access to a new-style class, the hole is as open
as ever.  (Fortunately you can't modify built-in types, otherwise the
hole would be much bigger and much harder to avoid.)

> That's the goal! To get into the hall-of-fame, one would have to tell
> how he got in. We can also send an email to someone just before
> executing the code, so that even anonymous hackers contribute with the
> idea.

I don't expect you'll ever reach the point where it'll be wise to
advertise this as safe.  I certainly won't.

--Guido van Rossum (home page: http://www.python.org/~guido/)