Re: Python rexec and Bastion flaws

2003-01-21 Thread Carey Evans
Martin Schulze wrote:
> I'd rather know about the vulnerability (and maybe doko is able to
> implement a fix) than to blindly castrate software.  Theo d.R. already
> taught us that blindly releasing updates is not good.

Here are some relevant links for the bugs:
Deleting __builtins__:
  http://python.org/sf/577530
Modifying new-style classes:
  http://mail.python.org/pipermail/python-dev/2002-December/031160.html
Final thread about dropping rexec:
  http://mail.python.org/pipermail/python-dev/2003-January/031842.html
Please note that the two bugs described above are only the two *known* 
bugs - nobody knows how many other bugs there are in rexec.

--
Hanging is too good for a man who makes puns; he should be drawn and 
quoted.
-- Fred Allen




Re: Python rexec and Bastion flaws

2003-01-21 Thread Neil Schemenauer
Martin Schulze wrote:
> Ouch.  It's very sad that upstream says that they don't have the resources
> to fix security bugs in a widely used software.

AFAIK, rexec and Bastion are not widely used.

  Neil