On Fri, Apr 08, 2016 at 05:49:12PM +0200, Marcin KoĆcielnicki wrote:
> On 08/04/16 16:18, Jon Ribbens wrote:
> That one is trivially fixable, but here goes:
>
> async def a():
> global c
> c = b.cr_frame.f_back.f_back.f_back
>
> b = a()
> b.send(None)
> c.f_builtins['print']('broken')
Ah, I've not used Python 3.5, and I can't find any documentation on
this cr_frame business, but I've added cr_frame and f_back to the
disallowed attributes list.
> Also, if the point of giving me a subclass of datetime is to prevent access
> to the actual class, that can be circumvented:
>
> >>> real_datetime = datetime.datetime.mro()[1]
> >>> real_datetime
> <class 'datetime.datetime'>
>
> But I'm not sure what good that is.
It means you can alter the datetime class that is used by the
containing application, which is bad - you could lie to it about
what day it is for example ;-)
I've made it so instead of a direct subclass it now makes an
intermediate subclass which makes mro() return an empty list.
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
