Running external module and accessing the created objects

Michael Torrie torriem at gmail.com
Tue Mar 12 00:05:07 EDT 2013


On 03/11/2013 06:48 PM, Dave Angel wrote:
> I hope you're just kidding.  execfile() and exec() are two of the most 
> dangerous mechanisms around.  import or __import__() would be much 
> better, as long as your user hasn't already run myapp.py as his script.

It's not possible to setuid a Python script, so I don't see how execfile
or exec is any more dangerous than the user creating a shell script that
rm -rf * things, and then running it.

Bash "exec's" scripts all the time that users create and provide.  How
is this different and what issues did you have in mind, exactly?


