What YAML engine do you use?
Sion Arrowsmith
siona at chiark.greenend.org.uk
Tue Jan 25 07:19:34 EST 2005
Fredrik Lundh <fredrik at pythonware.com> wrote:
>Sion Arrowsmith wrote:
>> I'm probably not thinking deviously enough here, but how are you
>> going to exploit an eval() which has very tightly controlled
>> globals and locals (eg. eval(x, {"__builtins__": None}, {}) ?
>try this:
>
> eval("'*'*1000000*2*2*2*2*2*2*2*2*2")
No thanks.
I guess my problem is a tendency view security issues from the
point of view of access to data rather than access to processing.
--
\S -- siona at chiark.greenend.org.uk -- http://www.chaos.org.uk/~sion/
___ | "Frankly I have no feelings towards penguins one way or the other"
\X/ | -- Arthur C. Clarke
her nu becomeþ se bera eadward ofdun hlæddre heafdes bæce bump bump bump
More information about the Python-list
mailing list