Another scripting language implemented into Python itself?

Rocco Moretti roccomoretti at
Tue Jan 25 14:25:57 EST 2005

Bob Smith wrote:
> Rocco Moretti wrote:
>> Python's also dangerous. Every time you do an "import module", you put 
>> your system at risk of crashing, having the hard-drive wiped
> Have you been drinking again?

No, not really. The "every time" comment should be viewed in the same 
light as "Every time you step outside, you risk being hit by a bus."

"import module" executes Python code. As such it can do anything Python 
can do. Crash your system, wipe the hard drive, etc. And there is 
nothing the importing code can do to stop it. Now, if you limit yourself 
to known and trusted modules, that risk virtually disappears, just like 
staying on the sidewalk virtually eliminates the chances of getting hit 
by a bus. Not completely, mind you, since someone could have altered the 
standard library modules/changed the import path such that you're 
importing an unknown module. But most people would argue if someone has 
that power, they probably can do anything they want with your system 
without you doing "import module."

Bottom line: Don't exec or eval untrusted code. Don't import untrusted 

More information about the Python-list mailing list