> [rexec compromised by deleting __builtins__] > > This has been known for a while, see python.org/sf/577530. > > My recommendation is the same as always: don't trust rexec. > > --Guido van Rossum (home page: http://www.python.org/~guido/) I think it is a VERY BAD idea to advertise publicly that rexec can be used to "safely" restrict execution, while privately (ie, the above postings to a developers-only list and to sourceforge). Therefore I propose that the official documentation to the Python Library Reference for the module rexec be modified to add a note saying that rexec is not completely reliable and can be undermined by a knowledgable hacker. The current documentation STRONGLY implies this is NOT the case by explaining in detail the more minor susceptibility to DOS attacks (memory or CPU time) and raising SystemExit. Why not add something like the following to the beginning of the module documentation: """ Warning: While the rexec module is designed to perform as described below, it does have a few known vulnerabilities which could be exploited by carefully written code. Thus it should not be relied upon in situations requiring "production ready" security. In such situations, execution via sub-processes (a separate Python executable) or very careful "cleansing" of data to be processed may be necessary. Alternatively, help in patching known rexec vulnerabilities would be welcomed. """ Admitting to library weaknesses (especially in the area of security) doesn't make great PR, but at least it's honest! -- Michael Chermside
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4