Josh Rosenberg <shadowranger+pyt...@gmail.com> added the comment: A server that exposes arbitrary exec's to user-submitted data can already be controlled. exec can do anything that Python can do, that's the whole point. Sure, crashing Python is bad, but it could also keep Python alive and start dumping the database to arbitrary people, deleting files, etc.
Also, your Proof of Concept code is cluttered with pointless garbage AFAICT. Do you really need all the unused multiline strings to trigger this? ---------- nosy: +josh.r _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue32757> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
