Security hole in rexec?
Troels Therkelsen
t_therkelsen at hotmail.com
Sun Aug 25 13:46:26 EDT 2002
Thank you for your response. While it does solve my immediate
concern, it does puzzle me that the whole thing is even possible;
__builtins__ should be read-only, but even if I make my own subclass
of dict that doesn't allow deletion of elements and pass that to exec
... in <my subclass of dict>, you can still delete it from within
exec.
Ah well. I can live with the custom patch for now. Perhaps
restricted execution will be solved in a more satisfactory manner
eventually :-)
Best regards,
Troels Therkelsen
More information about the Python-list
mailing list