Untrusted code execution
Chris Angelico
rosuav at gmail.com
Wed Apr 6 12:04:10 EDT 2016
On Thu, Apr 7, 2016 at 1:41 AM, Ian Kelly <ian.g.kelly at gmail.com> wrote:
> type might also be a concern since it can be used to assemble
> arbitrary classes.
Sadly, this means denying the ability to interrogate an object for its
type. And no, this won't do:
def safe_type(obj): return type(obj)
because all you need is safe_type(safe_type(1)) and you've just
regained access to the original 'type' type.
ChrisA
More information about the Python-list
mailing list