Dieter Maurer wrote:
Chris Withers wrote at 2007-11-20 23:55 +0000:
Dieter Maurer wrote:
You execute their code in a "globals" the "__builtins__" of which
contains precisely the builtins you want to give them.
unfortunately that still leaves the import problems, correct?

The "import" "command" is mapped to the "__import__" builtin.

Thus, changing the "__import__" builtin....

Hmmm, looking into this more. I think fiddling with supplying __builtins__ and __import__ is susceptible to those being deleted from the local or global namespace and so being replaced by ones from the above namespace.

Am I right in seeing those as security risks? These seem to be some of the reasons rexec and bastion were dropped from python:



Simplistix - Content Management, Zope & Python Consulting
Zope-Dev maillist  -
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to