Python 2.3b1: RuntimeError using rexec

Jeremy Fincher tweedgeezer at
Wed Apr 30 06:32:45 CEST 2003

martin at (Martin v. Löwis) wrote in message news:<m31xzl6pac.fsf at>...
> eval should work, but it won't be safe if you cannot trust the string.

I'm curious, if the string was eval'ed in an environment that included
nothing except an empty __builtins__, would there be any non-DoS
security hole?  Obviously the attack could DoS by making some value
10**10**10**10 or something, but is there any actual *security* breach


More information about the Python-list mailing list