[Tutor] Re: Suggestions for cleaner code [be careful about input()]
Danny Yoo
dyoo@hkn.eecs.berkeley.edu
Wed Jul 9 14:40:07 2003
On Wed, 9 Jul 2003, Magnus Lyckå wrote:
> At 18:02 2003-07-08 -0700, Jeff Shannon wrote:
>
> >Even worse, someone could easily type something like 'import os;
> >os.system("rm -s /")' -- this *will* import the os module and spawn a
> >shell that will attempt to delete every file on your system.
>
> No it won't. You can only evaluate expressions, not arbitrary
> statements. But the second part 'os.system("rm -s /")' is certainly
> possible, so if the program has already imported the os module, you are
> definitely in danger.
Jeff had the right idea. If we use the __import__() builtin, the approach
works. That is:
__import__('os').system('ls')
is an example of something that input() will blissfully execute. This is
what makes input() potentially dangerous.
Hope this helps!
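The point of the thread is that Python 2's input() evaluates whatever the user types as an expression, so an expression that reaches __import__ is enough to run code. The following is an added example, not code from Danny or anyone else in this thread; it runs on Python 3 (3.8 or newer, for ast.Constant), reproduces the Python 2 behaviour with eval() purely for comparison, and shows two defensive checks: listing which AST node types in the typed text are not plain literals, and reading the value with ast.literal_eval, which refuses names, attribute access and calls.

```python
"""Why Python 2's input() (roughly eval(raw_input())) is dangerous, and a
safe way to read literal values from a user.  Added example; assumes
Python 3.8+ so that ast.parse() produces ast.Constant nodes."""
import ast


def legacy_input(text):
    """Python 2 input() behaviour: evaluate the text as an expression.
    Anything an expression can reach, including __import__, gets executed.
    Kept only for comparison; never call this on untrusted text."""
    return eval(text)


def non_literal_nodes(text):
    """Parse `text` as an expression and return the sorted node types that
    are not part of a plain literal (constants and the container literals
    tuple/list/set/dict, plus unary +/- on numbers).  An empty list means
    the text is pure data; Name, Attribute or Call means it would run code."""
    tree = ast.parse(text, mode="eval")
    literal_types = (ast.Expression, ast.Constant, ast.Tuple, ast.List,
                     ast.Set, ast.Dict, ast.UnaryOp, ast.USub, ast.UAdd,
                     ast.Load)
    return sorted({type(node).__name__ for node in ast.walk(tree)
                   if not isinstance(node, literal_types)})


def safe_input(text):
    """Hardened replacement for input(): accept only Python literals
    (numbers, strings, bytes, tuples, lists, dicts, sets, booleans, None).
    Anything that is not a literal raises ValueError instead of executing."""
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError) as exc:
        raise ValueError("refusing non-literal input: %r" % text) from exc


if __name__ == "__main__":
    # Constructed inputs: one benign literal, one the thread's payload.
    for typed in ["[1, 2, 3]", "__import__('os').system('ls')"]:
        print(typed, "->", non_literal_nodes(typed))
        try:
            print("  value:", safe_input(typed))
        except ValueError as err:
            print("  rejected:", err)
```

For the thread's example the node listing is ['Attribute', 'Call', 'Name']: the Name is __import__, the Attribute is .system, and the two Calls are what actually run, which is exactly why ast.literal_eval rejects it while still accepting ordinary numbers, strings and lists.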