Serious privacy leak in Python for Windows
Paul Rubin
phr-n2002a at nightsong.com
Tue Jan 15 18:38:08 EST 2002
"Richard M. Smith" <rms at computerbytesman.com> writes:
> To fix this privacy leak, the Python runtime library should block all
> file operations when Python code is being used on a Web page, not just
> file write operations.
The leak is a terrible bug. Scripts on web pages/emails/etc. should
always be run in a rexec/Bastion container (for non-Pythonistas, a
"sandbox") that stops all these operations.
More information about the Python-list
mailing list