[ python-Bugs-908936 ] rexec.r_eval() does not work like eval()
SourceForge.net
noreply at sourceforge.net
Tue Mar 30 16:06:14 EST 2004
Bugs item #908936, was opened at 2004-03-03 10:58
Message generated for change (Comment added) made by loewis
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=908936&group_id=5470
Category: Python Library
Group: Python 2.2.2
Status: Closed
Resolution: Wont Fix
Priority: 5
Submitted By: Philippe Fremy (pfremy)
Assigned to: Nobody/Anonymous (nobody)
Summary: rexec.r_eval() does not work like eval()
Initial Comment:
I want to use the eval() function of python as simple
ultra-restricted expression evaluator. So, when
executing r_eval(), I want to pass a dictionnary of the
local and global variables, just like it is possible
with eval(). However, r_eval() does not allow it.
----------------------------------------------------------------------
>Comment By: Martin v. Löwis (loewis)
Date: 2004-03-30 23:06
Message:
Logged In: YES
user_id=21627
No, not marked obsolete: "Changed in version 2.3: Disabled
module."
"While the rexec module is designed to perform as described
below, it does have a few known vulnerabilities which could
be exploited by carefully written code. "
Even in 2.2, when it still was enabled, it did not actually
do what it was designed to do, and it is not possible to fix
it. Also, there is no replacement available.
----------------------------------------------------------------------
Comment By: Philippe Fremy (pfremy)
Date: 2004-03-30 09:31
Message:
Logged In: YES
user_id=233844
http://www.python.org/doc/2.3.3/lib/module-rexec.html
reads: "17.1 rexec -- Restricted execution framework"
so it looks like the module does provide a "Restricted execution
framework", no ?
Now, I assume that you mean that the module has been marked
obsolete in the most recent of python (which I am not using).
Is there any replacement available ?
----------------------------------------------------------------------
Comment By: Martin v. Löwis (loewis)
Date: 2004-03-30 00:34
Message:
Logged In: YES
user_id=21627
The rexec module does not provide restricted execution, so
you should not be using it in the first place.
Closing this as "won't fix".
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=908936&group_id=5470
More information about the Python-bugs-list
mailing list