[Python-Dev] Some news from my sandbox project
Robert Collins robertc at robertcollins.net
Sat Sep 18 10:39:58 CEST 2010
On Sat, Sep 18, 2010 at 8:24 PM, Greg Ewing <greg.ewing at canterbury.ac.nz> wrote:
> Victor Stinner wrote:
>> I'm still developing irregularly my sandbox project since last June. Today, the biggest problem is the creation of a read only view of the builtins dictionary.
>
> Why do you think you need to do this? What form of attack would a writable builtins expose you to that would be prevented by making it read-only?
>
> Seems to me that the only way you could exploit a writable builtins would be to put a function in there that does something bad. But if you can create or obtain such a function in the first place, you can just call it directly.

builtins is in everyone's global namespace, so if it can be mutated, different Python programs running in the same sandbox can affect each other.
Ditto sys.modules and os environ, but I guess that those are already addressed.
-Rob
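
The interference described in the reply above, as an added example that is not part of the original thread: two programs run with separate globals but one builtins dictionary, then again with a private copy each. The tenant source strings and the function names `run_tenants`, `shared_builtins` and `private_builtins` are constructed for illustration.

```python
import builtins

# Constructed sample programs standing in for two tenants of one sandbox.
TENANT_A = "__builtins__['len'] = lambda obj: 0   # rebinds a builtin\n"
TENANT_B = "result = len([1, 2, 3])\n"


def run_tenants(make_builtins):
    """Run tenant A, then tenant B, each in its own globals dict.

    make_builtins() supplies the mapping each tenant sees as __builtins__.
    Returns what tenant B computed for len([1, 2, 3]).
    """
    original_len = builtins.len
    try:
        exec(TENANT_A, {"__builtins__": make_builtins()})
        globals_b = {"__builtins__": make_builtins()}
        exec(TENANT_B, globals_b)
        return globals_b["result"]
    finally:
        builtins.len = original_len  # undo any change to the host's builtins


def shared_builtins():
    # Every tenant gets the interpreter's one real builtins dict.
    return vars(builtins)


def private_builtins():
    # Every tenant gets a shallow copy; rebinding a name stays local.
    return dict(vars(builtins))


if __name__ == "__main__":
    print("shared builtins: ", run_tenants(shared_builtins))
    print("private builtins:", run_tenants(private_builtins))
```

A shallow copy only contains name rebinding: mutable objects reachable through the builtins, and the `sys.modules` and `os.environ` state mentioned in the reply, are still shared between tenants.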