tav <tav <at> espians.com> writes: > > I've fixed this hole in safelite.py, but would be interested to know > if there are other non-user-initiated dynamically imported modules? You'd better make __builtins__ read-only, it will plug a whole class of attacks like this.