On 4/30/07, Talin <[EMAIL PROTECTED]> wrote:
> Greg Ewing wrote:
> > Patrick Maupin wrote:

> >> Method calls are deliberately disallowed by the PEP, so that the
> >> implementation has some hope of being securable.

> > If attribute access is allowed, arbitrary code can already
> > be triggered, so I don't see how this makes a difference
> > to security.

> Not quite. It depends on what you mean by 'arbitrary code'. ...

If I understood that correctly, then

(1)  The format string cannot run arbitrary code, but
(2)  The formatted objects themselves can.

This is probably a feature, since you can pass proxy objects, but it
should definitely be called out explicitly in the security section
(currently just some text in the Simple and Compound Names section).
Example Text:


Note that while (literal strings used as) format strings are
effectively sandboxed, the formatted objects themselves are not.

    "My name is {0[name]}".format(evil_map)

would still allow evil_map to run arbitrary code.


-jJ
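
The distinction drawn in this message, as an added example that is not part of the original post: it runs against `str.format` as it exists in current Python. The `EvilMap` class and the function names are constructed for illustration, and its hooks only record that they ran.

```python
class EvilMap:
    """Constructed stand-in for the message's evil_map.

    Its hooks only record that they were invoked; any Python code
    could run in their place, which is the point being made.
    """

    def __init__(self):
        self.calls = []

    def __getitem__(self, key):
        self.calls.append(("getitem", key))
        return "Mallory"

    def __getattr__(self, name):
        # Reached only for names that normal attribute lookup does not find.
        self.calls.append(("getattr", name))
        return "attr-value"


def format_runs_object_code():
    """(2) The formatted object decides what an index lookup executes."""
    evil_map = EvilMap()
    text = "My name is {0[name]}".format(evil_map)
    return text, evil_map.calls


def format_string_cannot_call():
    """(1) The format string has no call syntax.

    In '{0.upper()}' the parentheses are part of the attribute name,
    so the object is asked for an attribute literally named 'upper()'.
    """
    evil_map = EvilMap()
    "{0.upper()}".format(evil_map)
    return evil_map.calls


def plain_object_rejects_call_syntax():
    """With an ordinary str argument the same field is just a failed lookup."""
    try:
        "{0.upper()}".format("alice")
    except AttributeError:
        return True
    return False
```
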
_______________________________________________
Python-3000 mailing list
http://mail.python.org/mailman/listinfo/python-3000