[Python-Dev] rexec.py unuseable

John Roth newsgroups at jhrothjr.com
Tue Dec 16 01:31:30 CET 2003


"Luke Kenneth Casson Leighton" <lkcl at lkcl.net> wrote in message
news:mailman.173.1071531381.9307.python-list at python.org...
> On Mon, Dec 15, 2003 at 04:36:35PM -0500, Jeremy Hylton wrote:
> > One kind of problem is that newer Python features were designed without
> > taking rexec into account.  It's possible for untrusted code to cause
> > the trusted interpreter to execute its code without restriction using
> > descriptors.  It would be really difficult to reconcile new-style
> > classes and rexec.  Perhaps a worthwhile project, but probably one
> > accomplished by design a new restriction mechanism that builds on some
> > of the basic mechanism of rexec.
>
>  okay.
>
>  i think the only really sensible way forward is to begin from a
>  sound basis - one that is going to be a big job to add retrospectively,
>  but a simple beginning can be made.

What's the use case for this?

Or from another perspective: let's assume that I want to accomplish
item 2 in my list of uses for exec, that is, accept an expression of
arbitrary complexity that is made up of lists, tuples, dicts, strings,
ints and floats, and return the object(s) that it describes.

How would I use ACLs to do that?

John Roth






More information about the Python-list mailing list