Security hole in rexec?

Troels Therkelsen t_therkelsen at hotmail.com
Sun Aug 25 19:46:26 CEST 2002


Thank you for your response.  While it does solve my immediate
concern, it does puzzle me that the whole thing is even possible;
__builtins__ should be read-only, but even if I make my own subclass
of dict that doesn't allow deletion of elements and pass that to exec
... in <my subclass of dict>, you can still delete it from within
exec.

Ah well.  I can live with the custom patch for now.  Perhaps
restricted execution will be solved in a more satisfactory manner
eventually :-)

Best regards,

Troels Therkelsen



More information about the Python-list mailing list