Hi Brett, On Tue, Jun 27, 2006 at 10:32:08AM -0700, Brett Cannon wrote: > OK, with you and Thomas both wanting to keep it I will let it be. I just > won't worry about fixing it myself during my interpreter hardening crusade.
I agree with this too. If I remember correctly, you even mentioned in your rexec docs that sys.setrecursionlimit() should be disallowed from being run by untrusted code, which means that an untrusted interpreter would be safe. I guess we could add an example of a bogus 'new.code()' call in the Lib/test/crashers directory too, without you having to worry about it in untrusted mode if new.code() is forbidden. I could also add my 'gc.get_referrers()' attack, which should similarly not be callable from untrusted code anyway. A bientot, Armin _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com