Untrusted code execution

Chris Angelico rosuav at gmail.com
Thu Apr 7 11:44:06 EDT 2016


On Fri, Apr 8, 2016 at 1:18 AM, Jon Ribbens
<jon+usenet at unequivocal.co.uk> wrote:
> No, actually absolutely no modules at all are safe to import directly.
> This is because the untrusted code might alter them, and then the
> altered code would be used by the trusted main application. Trivial
> examples might include altering hashlib to always return the same
> hash, 're' to always or never match, etc. If you import something
> then it needs to be an individual copy of the module, with each name
> referring either to an immutable object or to an individual proxy for
> the real object.

And this is why eval is way easier to secure than exec. No assignment.

When you start talking about eval as being the *easier* option, you
know things are scary...

ChrisA
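
The scenario from the thread, as an added example that is not part of the original posts: an assignment statement run through `exec` against the real `hashlib` changes what the trusted application sees, `eval` rejects the same statement, and a per-sandbox proxy refuses the write. The names `make_proxy`, `trusted_view_after` and `UNTRUSTED` are hypothetical, and the untrusted input is constructed.

```python
import hashlib

ORIGINAL_SHA256 = hashlib.sha256

# Constructed stand-in for untrusted input: one assignment statement that
# rebinds sha256 on the module so every input hashes to the same value.
UNTRUSTED = "hashlib.sha256 = lambda data=b'': real(b'fixed')"


def make_proxy(module):
    """Hypothetical per-sandbox proxy: public reads pass through, writes fail.

    Covers only the name-rebinding case from the quoted message.
    """
    class Proxy:
        __slots__ = ()

        def __getattr__(self, name):
            if name.startswith("_"):
                raise AttributeError(name)
            return getattr(module, name)

        def __setattr__(self, name, value):
            raise AttributeError(f"read-only proxy: cannot set {name!r}")

        def __delattr__(self, name):
            raise AttributeError(f"read-only proxy: cannot delete {name!r}")

    return Proxy()


def trusted_view_after(sandbox_hashlib, runner):
    """Feed UNTRUSTED to exec or eval, then check the trusted app's hashlib.

    Returns (outcome, tampered): tampered is True when the real module now
    gives two different inputs the same digest.
    """
    env = {"__builtins__": {}, "hashlib": sandbox_hashlib, "real": ORIGINAL_SHA256}
    try:
        try:
            runner(UNTRUSTED, env)
            outcome = "ran"
        except (SyntaxError, AttributeError) as exc:
            outcome = type(exc).__name__
        tampered = hashlib.sha256(b"a").digest() == hashlib.sha256(b"b").digest()
    finally:
        hashlib.sha256 = ORIGINAL_SHA256  # undo the demo's tampering
    return outcome, tampered
```

`eval` only rules out the assignment statement; an expression that calls a mutating function such as `setattr`, where one is reachable from the sandbox, still alters the shared module.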


