Kevin Jacobs wrote:
> Good. I only partly agree with it myself. However, rexec _is_ brittle, as
> demonstrated by the many incremental problems that keep popping up, even
> pre-Python 2.2.
I only have now looked in my dictionary to find the translation for
"brittle" :-) (I think "brüchig" is the proper translation in this context)
I agree it is brittle. It should be possible to macerate it, though.
> I agree, though seeing how it can be fixed is not the same as deciding that
> it is the optimal solution. I'm starting out with a very open mind and am
> purposely solicting for as much input as possible.
I think any maintainer of such a feature would need to take the existing
code base into account. Current users would certainly be served best if
rexec would work.
> The closure of all objects reachable (via introspection) from
> a given starting set can be _very_ large and non-trivial to compute.
> Limiting introspection is a simple way to close many of possible holes
> through which references to untrusted objects can be obtained.
I guess you have to define "introspection", then. To navigate to an
object, I don't need introspection: I can just access the attributes,
without investigating first which objects are there.
IOW, if I Tkinter.open was the builtin open function, I would not need
to use introspection to find out it was there - I could just *use*
Tkinter.open("/etc/passwd", "a"). In Python, anything that is reachable
with introspection is also reachable without introspection.
Regards,
Martin
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4