I want to use the eval() function of python as simple ultra-restricted expression evaluator. So, when executing r_eval(), I want to pass a dictionnary of the local and global variables, just like it is possible with eval(). However, r_eval() does not allow it.
Logged In: YES user_id=21627 The rexec module does not provide restricted execution, so you should not be using it in the first place. Closing this as "won't fix".
Logged In: YES user_id=233844 http://www.python.org/doc/2.3.3/lib/module-rexec.html reads: "17.1 rexec -- Restricted execution framework" so it looks like the module does provide a "Restricted execution framework", no ? Now, I assume that you mean that the module has been marked obsolete in the most recent of python (which I am not using). Is there any replacement available ?
Logged In: YES user_id=21627 No, not marked obsolete: "Changed in version 2.3: Disabled module." "While the rexec module is designed to perform as described below, it does have a few known vulnerabilities which could be exploited by carefully written code. " Even in 2.2, when it still was enabled, it did not actually do what it was designed to do, and it is not possible to fix it. Also, there is no replacement available.
