Untrusted code execution

Paul Rubin no.email at nospam.invalid
Tue Apr 5 16:39:59 EDT 2016


Jon Ribbens <jon+usenet at unequivocal.co.uk> writes:
>>             isinstance(node, ast.Attribute) and node.attr.startswith("_")):
>>                 raise ValueError("Access to private values is not allowed.")
>>     namespace = {"__builtins__": {"int": int, "str": str, "len": len}}

> Nobody has any thoughts on this at all?

What happens with foo.get("5F5F70726976617465".decode("hex")) ?
That string decodes to "__private".

The Bastion module was removed some time ago because every attempt to do
something like this has failed...
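
Added example, not part of the message above and not Jon Ribbens's code: a Python 3 sketch of what an AST check of the quoted kind can and cannot see in the expression from the post. The checker is a reconstruction (the quoted code is truncated), its function names are hypothetical, and the expression is only parsed, never executed.

```python
import ast

# Constructed input: the expression from the post, kept as source text only.
POST_EXPR = 'foo.get("5F5F70726976617465".decode("hex"))'


def private_name_violations(source):
    """Reconstructed check (assumption): flag Name/Attribute nodes whose
    identifier starts with an underscore. Returns the offending names."""
    bad = []
    for node in ast.walk(ast.parse(source, mode="eval")):
        if isinstance(node, ast.Name) and node.id.startswith("_"):
            bad.append(node.id)
        elif isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            bad.append(node.attr)
    return bad


def what_the_check_sees(source):
    """Return (identifiers, string constants) present in the AST."""
    idents, strings = [], []
    for node in ast.walk(ast.parse(source, mode="eval")):
        if isinstance(node, ast.Name):
            idents.append(node.id)
        elif isinstance(node, ast.Attribute):
            idents.append(node.attr)
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            strings.append(node.value)
    return sorted(idents), sorted(strings)


def runtime_key(hex_literal):
    """What the hex literal becomes once it is decoded at run time."""
    return bytes.fromhex(hex_literal).decode("ascii")


if __name__ == "__main__":
    print(private_name_violations("foo.__private"))  # direct access is flagged
    print(private_name_violations(POST_EXPR))        # nothing for the check to flag
    print(what_the_check_sees(POST_EXPR))            # only 'foo', 'get', 'decode' and two strings
    print(runtime_key("5F5F70726976617465"))         # the name that exists only at run time
```

The identifier filter operates on names present in the source text, while the key passed to get() is data that is assembled during evaluation, so the two never meet.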


