[Python-Dev] known obvious thing or bug (rexec)?
Guido van Rossum
guido@python.org
Mon, 16 Dec 2002 11:31:15 -0500
> latest CVS
>
> Python 2.3a0 (#1, Dec 14 2002, 07:19:32)
> [GCC 2.95.2 20000220 (Debian GNU/Linux)] on linux2
> Type "help", "copyright", "credits" or "license" for more information.
>
> consider
>
> >>> import rexec
> >>> r=rexec.RExec()
> >>> r.r_exec("class C: pass\nC.a=0")
> Traceback (most recent call last):
> File "<stdin>", line 1, in ?
> File "/home/users/p/pe/pedronis/python/dist/src/Lib/rexec.py", line 309, in
> r_
> exec
> exec code in m.__dict__
> File "<string>", line 2, in ?
> RuntimeError: classes are read-only in restricted mode
>
> vs.
>
> >>> r.r_exec("class C(object): pass\nC.a=0")
> >>>
Hm... Do you see any way to break out of restricted execution mode
using this? I suppose a fix would be simple enough, but I'm more and
more inclined to simply rip out rexec from the distribution -- it's
never going to be safe, and I doubt it's very useful as long as it's
not safe.
--Guido van Rossum (home page: http://www.python.org/~guido/)