Running external module and accessing the created objects

Kene Meniru kemeniru at gmail.com
Tue Mar 12 14:38:59 CET 2013


Michael Torrie <torriem <at> gmail.com> writes:

> It's not possible to setuid a python script, so I don't see how execfile
> or exec is any more dangerous than the user creating a shell script that
> rm -rf * things, and then running it.
> 
> Bash "exec's" scripts all the time that users create and provide.  How
> is this different and what issues did you have in mind, exactly?
> 

This is close to my reasoning too, although I appreciate Dave's concern.






More information about the Python-list mailing list