* Jakub Wilk jw...@debian.org, 2014-02-13, 00:27:
The CGI's code is supposed to be safeguarding against abuse,
The protection is not very good. (I'll disclose the details later.)
The exploit I had in mind was:
import re
from re import sys
imp = re.sys.modules['imp']
Hi.
Jakub Wilk jw...@debian.org writes:
* Jakub Wilk jw...@debian.org, 2014-02-13, 00:27:
The CGI's code is supposed to be safeguarding against abuse,
The protection is not very good. (I'll disclose the details later.)
The exploit I had in mind was:
import re
from re import sys
* Olivier Berger olivier.ber...@telecom-sudparis.eu, 2014-02-10, 10:51:
The CGI's code is supposed to be safeguarding against abuse,
The protection is not very good. (I'll disclose the details later.)
but I think some sandboxing would be better at the CGI invocation for
additional security.
Hi.
I'm looking for advice on how to package the Online Python Tutor's
backend server which can execute arbitrary Python scripts submitted by
the user.
The CGI's code is supposed to be safeguarding against abuse, but I think
some sandboxing would be better at the CGI invocation for additional
4 matches
Mail list logo