[Python-checkins] python/dist/src/Doc/lib librexec.tex,1.14.12.2,1.14.12.3
fdrake@users.sourceforge.net
Tue, 27 Aug 2002 09:42:40 -0700
Update of /cvsroot/python/python/dist/src/Doc/lib
In directory usw-pr-cvs1:/tmp/cvs-serv18194/Doc/lib
Modified Files:
Tag: release21-maint
librexec.tex
Log Message:
Add strong security warning about the rexec module.
Closes SF patch #600861.
Index: librexec.tex
===================================================================
RCS file: /cvsroot/python/python/dist/src/Doc/lib/librexec.tex,v
retrieving revision 1.14.12.2
retrieving revision 1.14.12.3
diff -C2 -d -r1.14.12.2 -r1.14.12.3
*** librexec.tex 31 May 2002 21:19:53 -0000 1.14.12.2
--- librexec.tex 27 Aug 2002 16:42:37 -0000 1.14.12.3
***************
*** 6,10 ****
-
This module contains the \class{RExec} class, which supports
\method{r_eval()}, \method{r_execfile()}, \method{r_exec()}, and
--- 6,9 ----
***************
*** 15,18 ****
--- 14,27 ----
only have access to modules and functions that are deemed safe; you
can subclass \class{RExec} to add or remove capabilities as desired.
+
+ \strong{Warning:}
+ While the \module{rexec} module is designed to perform as described
+ below, it does have a few known vulnerabilities which could be
+ exploited by carefully written code. Thus it should not be relied
+ upon in situations requiring ``production ready'' security. In such
+ situations, execution via sub-processes or very careful ``cleansing''
+ of both code and data to be processed may be necessary.
+ Alternatively, help in patching known \module{rexec} vulnerabilities
+ would be welcomed.
\emph{Note:} The \class{RExec} class can prevent code from performing
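Review bot: The added warning says the module has "a few known vulnerabilities" but names none of them and gives no pointer to where they are tracked, so a reader cannot tell whether their own use of \class{RExec} is affected. Suggest citing the relevant tracker items, or at least stating which kinds of restricted operation are known to be bypassable. The mitigation text also needs tightening: "execution via sub-processes" only helps if the sub-process is itself confined by the operating system (separate user, limited filesystem and network access), and the paragraph should say so. The quoted phrases ``production ready'' and ``cleansing'' are left undefined; a plain statement such as "do not use \module{rexec} to run untrusted code" would be clearer.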