[Python-Dev] rexec.py unuseable
Luke Kenneth Casson Leighton lkcl at lkcl.net
Mon Dec 15 14:10:23 EST 2003
On Mon, Dec 15, 2003 at 12:01:07PM -0600, Skip Montanaro wrote:
> Luke> well, uhm, if [rexec]'s broken, why hasn't it been reverted to the
> Luke> 2.0 code?
>
> My understanding was that in 2.0 it was also broken, but that (relatively) recent changes to Python made the breakage easier to exploit.
the issue is [back-tracking to the 2.0 code],
were those "breakages" actually features, or were they definitely "breakages"?
i.e.
was it 1)
was it just unexpected behaviour in that a function
_called_ by a rexec'd restricted routine could do,
for example, writes;
was it that an unrestricted function, module or
variable imported by a rexec'd restricted routine or
module could be accessed.
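e.g. like this:
contents of bypassmodule.py:
    # bind the unrestricted builtin open under another name
    # (open is a builtin, not a module, so it cannot be imported)
    unrestrictedopen = open
then code run under rexec:
    from bypassmodule import unrestrictedopen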
both of these things i would consider to be
totally acceptable behaviour of the [2.] rexec.py
module!!!
i would NOT consider them to be a bug, and in fact
are desirable behaviour in order to get my code working.
i believe that there exists in [2.0] rexec a mechanism
to specify what functions are allowed in a particular
module, so i could restrict access to the
bypassmodule.unrestrictedopen function, if necessary.
OR was it 2)
a genuine bug.
> As for alternatives, I suggest you post a query on comp.lang.python (aka python-list at python.org).
ta!
> Skip
--
expecting email to be received and understood is a bit like picking up the telephone and immediately dialing without checking for a dial-tone; speaking immediately without listening for either an answer or ring-tone; hanging up immediately and then expecting someone to call you (and to be able to call you).
every day, people send out email expecting it to be received without being tampered with, read by other people, delayed or simply - without prejudice but lots of incompetence - destroyed.
please therefore treat email more like you would a CB radio to communicate across the world (via relaying stations): ask and expect people to confirm receipt; send nothing that you don't mind everyone in the world knowing about...
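A toy model of the two behaviours discussed in the message above, added here as an illustration and not code from the original post or from rexec.py: a restricted guest imports a trusted module that re-exports `open`, first with the whole module handed over and then with a per-module allowlist of names. The names `run_restricted`, `make_import`, `TRUSTED` and the policy dict are assumptions of this sketch, and rexec's own interface is not reproduced.

```python
# Toy model of the capability leak; this is NOT rexec and NOT a safe sandbox.
import builtins
import types

# Constructed stand-in for bypassmodule.py: trusted code that re-exports open.
bypassmodule = types.ModuleType("bypassmodule")
bypassmodule.unrestrictedopen = builtins.open
bypassmodule.helper = lambda: "ok"

TRUSTED = {"bypassmodule": bypassmodule}  # modules the guest may import


def make_import(allowed_names):
    """Build an __import__ hook. allowed_names maps module name to the
    tuple of names the guest may see, or to None to expose everything."""
    def restricted_import(name, globals=None, locals=None, fromlist=(), level=0):
        if name not in TRUSTED:
            raise ImportError(f"module {name!r} not permitted")
        real = TRUSTED[name]
        names = allowed_names.get(name)
        if names is None:
            return real  # whole module handed over: every object it holds leaks
        proxy = types.ModuleType(name)  # copy only the allowlisted names
        for n in names:
            setattr(proxy, n, getattr(real, n))
        return proxy
    return restricted_import


def run_restricted(source, allowed_names):
    """Exec source without an open() builtin; return the guest's globals."""
    env = {"__builtins__": {"__import__": make_import(allowed_names),
                            "ImportError": ImportError}}
    exec(source, env)
    return env


GUEST = """
try:
    from bypassmodule import unrestrictedopen
    got_open = True
except ImportError:
    got_open = False
"""


def demo():
    leaky = run_restricted(GUEST, {"bypassmodule": None})
    filtered = run_restricted(GUEST, {"bypassmodule": ("helper",)})
    return leaky["got_open"], filtered["got_open"]
```

Removing `open` from the guest's builtins only restricts the name lookup; the guest regains the capability as soon as any importable module holds a reference to it, which is why the per-module name allowlist matters.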