On Tue, Feb 24, 2009 at 12:27 AM, tav <t...@espians.com> wrote: > Daniel emailed in the exploit below and it is pretty devastating. It > takes advantage of the fact that the warnings framework in 2.6+ > dynamically imports modules without being explicitly called!! > > I've fixed this hole in safelite.py, but would be interested to know > if there are other non-user-initiated dynamically imported modules? > > Thanks Daniel for bringing this to our attention!
Grep the source for PyImport. -- --Guido van Rossum (home page: http://www.python.org/~guido/) _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
