[Python-Dev] known obvious thing or bug (rexec)?
Guido van Rossum
guido@python.org
Mon, 16 Dec 2002 17:14:49 -0500
> > Of course that assumes that the main features in the core are secure.
> > Samuele's observation that restricted code can modify a new-style
> > class passed in belies that.
>
> How that would affect Python itself, if no rexec module was offered? He
> wouldn't even notice that this problem was there, unless he was using
> the "python-rexec" external module. Even then, he would have reported
> this as a bug in "python-rexec", not in Python itself.
I was assuming that even if you're not using the rexec module, you're
using *some* way to execute untrusted Python code. If that untrusted
Python code is given access to a new-style class, the hole is as open
as ever. (Fortunately you can't modify built-in types, otherwise the
hole would be much bigger and much harder to avoid.)
> That's the goal! To get into the hall-of-fame, one would have to tell
> how he got in. We can also send an email to someone just before
> executing the code, so that even anonymous hackers contribute with the
> idea.
I don't expect you'll ever reach the point where it'll be wise to
advertise this as safe. I certainly won't.
--Guido van Rossum (home page: http://www.python.org/~guido/)