[BangPypers] magic in datetime module?

Anand Chitipothu anandology at gmail.com
Fri Apr 3 09:23:11 CEST 2009


2009/4/3 Noufal Ibrahim <noufal at gmail.com>:
> There was a thread on python-dev recently about sandboxing code by
> restricting the variables provided. A lot of people broke it (you can
> check the archives for "break this code" or something similar).

This one?

http://mail.python.org/pipermail/python-dev/2009-February/086401.html

> In any case, if you deny people the ability to use __import__, then
> any functions that call import will fail. Whether that's a good
> practice is questionable but that's the state of affairs.

It does restrict people from using imports, but it doesn't restrict
calling functions which use import.

The problem with the mentioned code is that an implicit import is
getting called in the current env. If that import is inside that
function then it wouldn't be an issue.


More information about the BangPypers mailing list