[Python-Dev] Unexpected rexec behavior due to _sre
Charles G Waldman
cgw@fnal.gov
Tue, 12 Sep 2000 16:57:51 -0500 (CDT)
Andrew Kuchling writes:
> On Tue, Sep 12, 2000 at 04:48:47PM -0500, Guido van Rossum wrote:
> >The rexec.py module needs to be fixed. Should be simple enough.
> >There may be other modules that it should allow too!
>
> Are we sure that it's not possible to engineer segfaults or other
> nastiness by deliberately feeding _sre bad data? This was my primary
> reason for not exposing the PCRE bytecode interface, since it would
> have been difficult to make the code robust against hostile bytecodes.
If it used to be OK to "import re" in restricted mode, and now it
isn't, then this is an incompatible change and needs to be documented.
There are people running webservers and stuff who are counting on
being able to use the re module in restricted mode.