Ethan Glasser-Camp wrote:
However, when I tried to exploit this in my level file format, I got:
IOError: file() constructor not accessible in restricted mode
There are still remnants of the old restricted mode
around, and they may prevent some exploits of this
kind. But considering that the above trick can be
used to get hold of *any* builtin or new-style
class in the system (they're all ultimately subclasses
of object) you could never be sure that all possible
exploits had been blocked.
Where can I find information on these efforts?
There were discussions about it on the python-dev
list recently.
--
Greg
