Emanuele D'Arrigo write: > In what ways would the untrusted string be able to obtain the > original, built-in open function and open a file for writing? Yes, if you know some tricks: >>> [cls for cls in object.__subclasses__() if cls.__name__ == 'file'][0] <type 'file'> Christian