Untrusted code execution

Chris Angelico rosuav at gmail.com
Tue Apr 5 16:01:07 EDT 2016


On Wed, Apr 6, 2016 at 4:50 AM, Jon Ribbens
<jon+usenet at unequivocal.co.uk> wrote:
> On 2016-04-05, Chris Angelico <rosuav at gmail.com> wrote:
>> On Wed, Apr 6, 2016 at 3:26 AM, Jon Ribbens
>><jon+usenet at unequivocal.co.uk> wrote:
>>> The received wisdom is that restricted code execution in Python is
>>> an insolubly hard problem, but it looks a bit like my 7-line example
>>> above disproves this theory, provided you choose carefully what you
>>> provide in your restricted __builtins__ - but people who know more
>>> than me about Python seem to have thought about this problem for
>>> longer than I have and come up with the opposite conclusion so I'm
>>> curious what I'm missing.
>>
>> No, it doesn't disprove anything. All you've shown is "here's a piece
>> of code that hasn't yet been compromised". :)
>
> Yes, obviously. I wasn't asking for pedantry.

It's more than pedantry. There's a huge difference between "thing that
hasn't been proven yet" and "thing that has been disproved".

ChrisA


