[Python-Dev] rexec.py unuseable

Luke Kenneth Casson Leighton lkcl at lkcl.net
Mon Dec 15 14:10:23 EST 2003 

On Mon, Dec 15, 2003 at 12:01:07PM -0600, Skip Montanaro wrote:
> 
>     Luke> well, uhm, if [rexec]'s broken, why hasn't it been reverted to the
>     Luke> 2.0 code?
> 
> My understanding was that in 2.0 it was also broken, but that (relatively)
> recent changes to Python made the breakage easier to exploit.

the issue is [back-tracking to the 2.0 code],

were those "breakages" actually features, or were they definitely
"breakages"?

i.e.

was it 1)

	was it just unexpected behaviour in that a function
	_called_ by a rexec'd restricted routine could do,
	for example writes;

	was it that an unrestricted function, module or
	variable imported by a rexec'd restricted routine or
	module could be accessed.

	e.g. like this:

	contents of bypassmodule.py:

		import open as unrestrictedopen

	then code run under rexec:

		from bypassmodule import unrestrictedopen


	both of these things i would consider to be
	totally acceptable behaviour of the [2.] rexec.py
	module!!!

	i would NOT consider them to be a bug, and in fact
	are desirable behaviour in order to get my code working.

	i believe that there exists in [2.0] rexec a mechanism
	to specify what functions are allowed in a particular
	module, so i could restrict access to the
	bypassmodule.unrestrictedopen function, if necessary.


OR was it 2)

	a genuine bug.


> As for alternatives, I suggest you post a query on comp.lang.python (aka
> python-list at python.org).
 
  ta!

> Skip

-- 
-- 
expecting email to be received and understood is a bit like
picking up the telephone and immediately dialing without
checking for a dial-tone; speaking immediately without listening
for either an answer or ring-tone; hanging up immediately and
then expecting someone to call you (and to be able to call you).
--
every day, people send out email expecting it to be received
without being tampered with, read by other people, delayed or
simply - without prejudice but lots of incompetence - destroyed.
--
please therefore treat email more like you would a CB radio
to communicate across the world (via relaying stations):
ask and expect people to confirm receipt; send nothing that
you don't mind everyone in the world knowing about...

More information about the Python-Dev mailing list