[Python-Dev] Challenge: Please break this! [Now with blog post]

Antoine Pitrou solipsis at pitrou.net
Tue Feb 24 12:11:13 CET 2009

tav <tav <at> espians.com> writes:
> I've fixed this hole in safelite.py, but would be interested to know
> if there are other non-user-initiated dynamically imported modules?

You'd better make __builtins__ read-only, it will plug a whole class of attacks
like this.

More information about the Python-Dev mailing list