29 Jul
2005
29 Jul
'05
2:59 a.m.
On Thu, 2005-07-28 at 11:52, Mark Sapiro wrote:
The real issue here seems to be that the import from mm_cfg done in the driver script is inadequately protected. The driver script print_traceback definition contains
try: from Mailman.mm_cfg import VERSION except ImportError: VERSION = '<undetermined>'
This is fine if there is an ImportError exception, but since mm_cfg.py is edited by users, it is possible (likely) that there will be a SyntaxError error exception here, and something more meaningful than the "Mailman experienced a very low level failure and could not even generate a useful traceback for you." message could be reported.
Bare excepts are evil, but maybe it's warranted in this situation. All we really care about is the VERSION variable you're right that users can easily put all manner of nastiness in there.
-Barry