On Thu, 2005-07-28 at 11:52, Mark Sapiro wrote:
> The real issue here seems to be that the import from mm_cfg done in the
> driver script is inadequately protected. The driver script
> print_traceback definition contains
>
>     try:
>         from Mailman.mm_cfg import VERSION
>     except ImportError:
>         VERSION = '<undetermined>'
>
> This is fine if there is an ImportError exception, but since mm_cfg.py
> is edited by users, it is possible (likely) that there will be a
> SyntaxError error exception here, and something more meaningful than
> the "Mailman experienced a very low level failure and could not even
> generate a useful traceback for you." message could be reported.

Bare excepts are evil, but maybe it's warranted in this situation. All we really care about is the VERSION variable, and you're right that users can easily put all manner of nastiness in there.

-Barry
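
The failure mode discussed in this thread, as an added example that is not part of either message and is not Mailman's code: a user-edited config module with a syntax or name error gets past an `except ImportError` handler, while a broader handler returns the fallback together with a reason that can be reported. The module name `demo_cfg`, the helper names and the sample configs are constructed for illustration; `except Exception` is used in place of a literal bare except.

```python
import importlib
import os
import sys
import tempfile

FALLBACK = '<undetermined>'
MOD = 'demo_cfg'  # hypothetical module name standing in for mm_cfg

# Constructed config files: valid, unclosed bracket, undefined name.
GOOD = "VERSION = '0.0-demo'\n"
BAD_SYNTAX = "VERSION = '0.0-demo'\nOWNERS = ['a@example.com'\n"
BAD_NAME = "VERSION = '0.0-demo'\nDEFAULT_HOST = undefined_name\n"

def narrow_version():
    # Same shape as the quoted handler: only ImportError is caught.
    try:
        return importlib.import_module(MOD).VERSION
    except ImportError:
        return FALLBACK

def tolerant_version():
    # Broad on purpose: any error in the user-edited config gives fallback + reason.
    try:
        return importlib.import_module(MOD).VERSION, None
    except Exception as exc:
        return FALLBACK, '%s: %s' % (type(exc).__name__, exc)

def probe(cfg_source):
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, MOD + '.py'), 'w') as fh:
            fh.write(cfg_source)
        sys.path.insert(0, tmp)
        try:
            for label, loader in (('narrow', narrow_version),
                                  ('tolerant', tolerant_version)):
                sys.modules.pop(MOD, None)      # force a fresh import
                importlib.invalidate_caches()
                try:
                    results[label] = loader()
                except Exception as exc:        # what the narrow handler lets through
                    results[label] = 'escaped: ' + type(exc).__name__
        finally:
            sys.path.remove(tmp)
            sys.modules.pop(MOD, None)
    return results

if __name__ == '__main__':
    print(probe(GOOD), probe(BAD_SYNTAX), probe(BAD_NAME), sep='\n')
```
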
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp