Untrusted code execution

Jon Ribbens jon+usenet at unequivocal.co.uk
Thu Apr 7 10:25:29 EDT 2016


On 2016-04-07, Chris Angelico <rosuav at gmail.com> wrote:
> Options 1 and 2 are nastily restricted. Option 3 is likely broken, as
> exception objects carry tracebacks and such.

Everything you're saying here is assuming that we must not let the
attacker see any exception objects, but I don't understand why you're
assuming that. As far as I can see, the information that exceptions
hold that we need to prevent access to is all in "__" attributes that
we're already blocking.
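An added example, not part of the original post or of the sandbox code under discussion: a way to check, for one caught exception, which attributes hold traceback, frame or code objects and whether a rule that blocks "__" attribute access would reject reaching them. The names `audit_exception`, `dunder_accesses` and `SAMPLE` are hypothetical, and the audit covers only the attributes `dir()` reports for a single `ZeroDivisionError`.

```python
import ast
import types

# Object types that expose interpreter state (frames lead to globals/builtins).
SENSITIVE = (types.TracebackType, types.FrameType, types.CodeType)

def is_dunder(name):
    return name.startswith("__")

def audit_exception(exc):
    """Return (carriers, public) for an exception object.

    carriers: attribute names whose value is a traceback/frame/code object.
    public:   attribute names a "block '__' attributes" rule would still allow.
    """
    carriers, public = [], []
    for name in dir(exc):
        try:
            value = getattr(exc, name)
        except Exception:
            continue  # attribute not readable; nothing to classify
        if isinstance(value, SENSITIVE):
            carriers.append(name)
        if not is_dunder(name):
            public.append(name)
    return carriers, public

def dunder_accesses(source):
    """Hypothetical sandbox pre-check: (line, attr) for every '__' attribute access."""
    tree = ast.parse(source)
    return [(n.lineno, n.attr) for n in ast.walk(tree)
            if isinstance(n, ast.Attribute) and is_dunder(n.attr)]

def caught_exception():
    try:
        1 / 0
    except ZeroDivisionError as e:
        return e  # the traceback stays attached to the returned object

# Constructed sample of untrusted code (not from the thread).
SAMPLE = ("try:\n    1 / 0\nexcept Exception as e:\n"
          "    a = e.args\n    t = e.__traceback__\n")

if __name__ == "__main__":
    carriers, public = audit_exception(caught_exception())
    print("hold traceback/frame/code objects:", carriers)
    print("allowed by a '__' block:", public)
    print("rejected accesses in SAMPLE:", dunder_accesses(SAMPLE))
```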


