rexec works strange...
Alex Martelli
aleaxit at yahoo.com
Wed Jun 20 08:35:25 EDT 2001
"Oleg Broytmann" <phd at phd.fep.ru> wrote in message
news:mailman.993034023.17205.python-list at python.org...
>
> (Ivan, please note - I am replying into the newsgroup, too)
>
> On Wed, 20 Jun 2001, Oleg Broytmann wrote:
> > On Wed, 20 Jun 2001, Ivan Ivanov wrote:
> > > Thank you for the help, I'll try to figure out how
> > > to do the first suggestion - disallow importing sys.
> > > This seems to be a good idea, I just don't know
> > > how to do it. Do you have better insight?
>
> Found it: it is the code
>
> ok_sys_names = ('ps1', 'ps2', 'copyright', 'version',
> 'platform', 'exit', 'maxint')
>
> To disallow sys.exit remove exit from the list. To do it in Python way:
Tuple (so you can't actually _remove_ it:-). You're correct in
recommending subclassing for such purposes, of course.
But sys.exit() is really innocuous, little more than a raise SystemExit.
Just .r_exec() the untrusted code in the try: clause of a try/except
that catches everything, as is HIGHLY advisable anyway:-), i.e. with
a clause of 'except:', and you'll catch SystemExit too.
Alex
More information about the Python-list
mailing list