[ python-Bugs-1722239 ] NamedTuple security issue
SourceForge.net
noreply at sourceforge.net
Sun May 20 21:23:10 CEST 2007
Bugs item #1722239, was opened at 2007-05-20 11:00
Message generated for change (Comment added) made by bcannon
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1722239&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Python Library
Group: Python 2.6
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Christian Heimes (tiran)
Assigned to: Nobody/Anonymous (nobody)
Summary: NamedTuple security issue
Initial Comment:
collections.NamedTuple is using an assert to prevent exec attacks:
assert ''.join(field_names).replace('_', '').isalpha()
# protect against exec attack
s
asserts are ignored when Python code is run with the -O or -OO flag. I suggest to replace them.
----------------------------------------------------------------------
>Comment By: Brett Cannon (bcannon)
Date: 2007-05-20 12:23
Message:
Logged In: YES
user_id=357491
Originator: NO
Or you could just not have the security protection in there. I am sure
there are a ton of other places that are not protected against malicious
use of exec.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1722239&group_id=5470
More information about the Python-bugs-list
mailing list