[Python-Dev] Some news from my sandbox project
greg.ewing at canterbury.ac.nz
Sat Sep 18 10:24:49 CEST 2010
Victor Stinner wrote:
> I'm still developing irregulary my sandbox project since last june.
> Today, the biggest problem is the creation of a read only view of the
> __builtins__ dictionary.
Why do you think you need to do this? What form of attack
would a writable __builtins__ expose you to that would be
prevented by making it read-only?
Seems to me that the only way you could exploit a writable
__builtins__ would be to put a function in there that does
something bad. But if you can create or obtain such a
function in the first place, you can just call it directly.
More information about the Python-Dev