[Python-3000] Addition to PEP 3101
Guido van Rossum guido at python.org
Tue May 1 18:48:43 CEST 2007
On 5/1/07, Jim Jewett <jimjjewett at gmail.com> wrote:
> On 4/30/07, Talin <talin at acm.org> wrote:
> > Greg Ewing wrote:
> > > Patrick Maupin wrote:
> > >> Method calls are deliberately disallowed by the PEP, so that the
> > >> implementation has some hope of being securable.
> > > If attribute access is allowed, arbitrary code can already
> > > be triggered, so I don't see how this makes a difference
> > > to security.
> > Not quite. It depends on what you mean by 'arbitrary code'.
> ...
>
> If I understood that correctly, then
> (1) The format string cannot run arbitrary code, but
> (2) The formatted objects themselves can.
>
> This is probably a feature, since you can pass proxy objects, but it should definitely be called out explicitly in the security section (currently just some text in Simple and Compound Names section).
>
> Example Text:
>
> Note that while (literal strings used as) format strings are effectively sandboxed, the formatted objects themselves are not. "My name is {0[name]}".format(evilmap) would still allow evilmap to run arbitrary code.

And how on earth would that be a security threat?

-- 
--Guido van Rossum (home page: http://www.python.org/~guido/)
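
Added example, not part of the original message or of PEP 3101: the distinction drawn in Jim Jewett's proposed text, shown with `str.format` as it behaves in current Python 3. `RecordingMap` and `render` are hypothetical names, and the constructed map only records which of its hooks the format string triggered.

```python
class RecordingMap:
    """Constructed stand-in for the thread's 'evilmap': a mapping whose
    hooks run its own code (here they only record that they were called)."""

    def __init__(self, data):
        self._data = dict(data)
        self.calls = []

    def __getitem__(self, key):
        # Invoked by the "[name]" part of a replacement field.
        self.calls.append(("getitem", key))
        return self._data[key]

    def __getattr__(self, name):
        # Invoked only for attributes that normal lookup does not find.
        self.calls.append(("getattr", name))
        raise AttributeError(name)


def render(template, obj):
    """Format a literal template against obj.

    Returns (text, None) on success or (None, exception name) on failure.
    """
    try:
        return template.format(obj), None
    except (AttributeError, KeyError) as exc:
        return None, type(exc).__name__


if __name__ == "__main__":
    m = RecordingMap({"name": "Talin"})

    # (2) The formatted object's own __getitem__ runs during formatting.
    print(render("My name is {0[name]}", m), m.calls)

    # (1) The format string cannot call a method: "keys()" is looked up
    # as an attribute literally named "keys()", which does not exist.
    print(render("{0.keys()}", m), m.calls)
```

The second call shows that parentheses in a field name are treated as part of the attribute name rather than as a call, so the only code that runs is whatever the object's own lookup hooks contain.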