Ka-Ping Yee wrote:
> 2. Python will become vulnerable to a new class of security
> exploits via the writing of misleading or malicious code
> that is visually indistinguishable from correct code.
> Consequently it will be more difficult for humans to
> inspect code and assure its correctness or trustworthiness.
> There is very little established best practice for
> addressing homograph security issues.
>
Isn't it already easy enough to do that today?
>>> import base64; exec
base64.decodestring('cHJpbnQgJ0hlbGxvLCB3b3JsZCEn\n')
... Hello, world!
Admittedly, you could look for anything like that and be suspicious, but
running a program from an untrusted source is always going to be
dangerous. For standalone applications, you can already do things like
compile malicious C extension modules that are impossible to verify.
As for programs that use Python for scripting, shouldn't it be up to
them to ensure that it runs in a restricted environment? A browser, for
instance, would have to do that already.
- Ian D. Bollinger
_______________________________________________
Python-3000 mailing list
Python-3000@python.org
http://mail.python.org/mailman/listinfo/python-3000
Unsubscribe:
http://mail.python.org/mailman/options/python-3000/archive%40mail-archive.com
