[Python-Dev] Whither rexec?
Guido van Rossum
guido@python.org
Mon, 06 Jan 2003 12:26:32 -0500
> can the BDFL or someone please tell me what I
> should say about rexec?
See my recent checkins and what I just sent to python-announce (not
sure when the moderator will get to it):
| Subject: Deleting rexec.py and Bastion.py
| From: Guido van Rossum <guido@python.org>
| To: python-announce@python.org
| Date: Mon, 06 Jan 2003 11:17:50 -0500
|
| There have been reports of serious security problems with rexec.py and
| Bastion.py starting with Python 2.2. We do not have the resources to
| fix these problems. Therefore, I will disable these modules in the next
| 2.3 alpha release and in the next 2.2 release (2.2.3, no release date
| scheduled). If you are using rexec.py or Bastion.py with any version
| of Python 2.2 or 2.3 to safeguard anonymously submitted source code, I
| strongly recommend that you stop doing so immediately, because it is
| *not* safe.
|
| There are also known security problems with older versions of Python,
| but the holes created by Python 2.2 are much bigger (big enough to
| drive an airplane carrier through).
--Guido van Rossum (home page: http://www.python.org/~guido/)