Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2016-April/143792.html below:

[Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)

• Previous message (by thread): [Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)
• Next message (by thread): [Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Apr 08, 2016 at 05:21:38PM +0200, Arthur Darcet wrote:
>    If i'm not mistaken, this breaks out:
>    > exec('open("out", "w").write("a")', {})
>    because if the second argument of exec does not contain a __builtins__
>    key, then a copy of the original builtins module is inserted:
>    https://docs.python.org/3/library/functions.html#exec

Ah, that's a good point. I did think allowing eval/exec was a bit
ambitious. I've updated it to disallow passing namespace arguments to
them.

• Previous message (by thread): [Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)
• Next message (by thread): [Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4