exarkun at divmod.com
Wed Oct 5 19:13:45 CEST 2005
On Wed, 5 Oct 2005 18:47:06 +0200, Sybren Stuvel <sybrenuse at yourthirdtower.com.imagination> wrote:
>Flavio enlightened us with:
>> Can anyone tell me why, if the following code works, I should not do
>> def fun(a=1,b=2,**args):
>>     print 'locals:',locals()
>>     print locals()
>Because it's very, very, very insecure. What would happen if someone
>found a way to call that function? It could replace any name in the
>locals dictionary, including functions from __builtins__. In other
>words: probably the whole program could be taken over by other code by
>just one call to that function.
If I can call functions in your process space, I've already taken over your whole program.