Guido van Rossum added the comment: ISTM Nick meant that the exception that was raised can't cause arbitrary code execution.
On Wednesday, October 1, 2014, Antony Lee <rep...@bugs.python.org> wrote: > > Antony Lee added the comment: > > "it looks like all the avenues for arbitrary code execution while checking > if an exception handler matches a thrown an exception are closed off." > > This seems to be directly contradicted by your previous sentence: "the > except clause accepts any expressions producing a tuple or BaseException > instance". > > e.g. > > === > > >>> def f(): raise AttributeError > ... > >>> try: raise IndexError > ... except f(): raise KeyError > ... > Traceback (most recent call last): > File "<stdin>", line 1, in <module> > IndexError > > During handling of the above exception, another exception occurred: > > Traceback (most recent call last): > File "<stdin>", line 2, in <module> > File "<stdin>", line 1, in f > AttributeError > > === > > (note that f() is evaluated only if the body of "try" actually raises) > > ---------- > nosy: +Antony.Lee > > _______________________________________ > Python tracker <rep...@bugs.python.org <javascript:;>> > <http://bugs.python.org/issue12029> > _______________________________________ > ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue12029> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
