Paul Moore added the comment:

>> I am puzzled as to why "use safe_exec rather than exec" isn't an option

> Because you're going to have a hard time convincing malware authors to use it.

:-) So the malicious payload is the whole python command, not just file.bin. 
OK, fair enough. But in that case, why hook into exec? The malware author can 
execute arbitrary Python so doesn't *need* exec.

As I say, though, I'm not an expert in security threats, so I'm OK with 
accepting that there's a hole here and the proposal plugs it.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue26137>
_______________________________________