Security hole in rexec?

Troels Therkelsen t_therkelsen at
Sun Aug 25 13:46:26 EDT 2002

Thank you for your response.  While it does solve my immediate
concern, it does puzzle me that the whole thing is even possible;
__builtins__ should be read-only, but even if I make my own subclass
of dict that doesn't allow deletion of elements and pass that to exec
... in <my subclass of dict>, you can still delete it from within

Ah well.  I can live with the custom patch for now.  Perhaps
restricted execution will be solved in a more satisfactory manner
eventually :-)

Best regards,

Troels Therkelsen

More information about the Python-list mailing list