Dieter Maurer wrote:
Chris Withers wrote at 2007-11-20 23:55 +0000:
Dieter Maurer wrote:
You execute their code in a "globals" the "__builtins__" of which
contains precisely the builtins you want to give them.
unfortunately that still leaves the import problems, correct?
The "import" "command" is mapped to the "__import__" builtin.
Thus, changing the "__import__" builtin....
Hmmm, looking into this more. I think fiddling with supplying
__builtins__ and __import__ is susceptible to those being deleted from
the local or global namespace and so being replaced by ones from the
above namespace.
Am I right in seeing those as security risks? These seem to be some of
the reasons rexec and bastion were dropped from python:
http://bugs.python.org/issue577530
http://mail.python.org/pipermail/python-dev/2002-December/031160.html
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
_______________________________________________
Zope-Dev maillist - [email protected]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
