[Python-Dev] Some news from my sandbox project

[Greg Ewing]

Victor Stinner wrote:

> I'm still developing irregulary my sandbox project since last june. 

> Today, the biggest problem is the creation of a read only view of the 
> __builtins__ dictionary.

Why do you think you need to do this? What form of attack
would a writable __builtins__ expose you to that would be
prevented by making it read-only?

Seems to me that the only way you could exploit a writable
__builtins__ would be to put a function in there that does
something bad. But if you can create or obtain such a
function in the first place, you can just call it directly.

-- 
Greg