On 5/1/07, Jim Jewett <[EMAIL PROTECTED]> wrote:
> On 5/1/07, Guido van Rossum <[EMAIL PROTECTED]> wrote:
> > On 5/1/07, Jim Jewett <[EMAIL PROTECTED]> wrote:
>
> > > Note that while (literal strings used as) format strings are
> > > effectively sandboxed, the formatted objects themselves are not.
>
> > > "My name is {0[name]}".format(evil_map)
>
> > > would still allow evil_map to run arbitrary code.
>
> > And how on earth would that be a security threat?
>
> There are some things you can safely do with even arbitrary objects --
> such as appending them to a list.
>
> By mentioning security as a reason to restrict the format, it suggests
> that this is another safe context. It isn't.
But your presumption that the map is already evil makes it irrelevant
whether the format is safe or not. Having the evil map is the problem,
not passing it to the format operation.
--
--Guido van Rossum (home page: http://www.python.org/~guido/)
_______________________________________________
Python-3000 mailing list
[email protected]
http://mail.python.org/mailman/listinfo/python-3000
Unsubscribe:
http://mail.python.org/mailman/options/python-3000/archive%40mail-archive.com
