Dieter Maurer wrote:
Chris Withers wrote at 2007-11-20 23:55 +0000:
Dieter Maurer wrote:
You execute their code in a "globals" the "__builtins__" of which
contains precisely the builtins you want to give them.
unfortunately that still leaves the import problems, correct?


The "import" "command" is mapped to the "__import__" builtin.

Thus, changing the "__import__" builtin....

Hmmm, looking into this more. I think fiddling with supplying __builtins__ and __import__ is susceptible to those being deleted from the local or global namespace and so being replaced by ones from the above namespace.

Am I right in seeing those as security risks? These seem to be some of the reasons rexec and bastion were dropped from python:

http://bugs.python.org/issue577530

http://mail.python.org/pipermail/python-dev/2002-December/031160.html

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to