On Fri, Apr 08, 2016 at 05:21:38PM +0200, Arthur Darcet wrote:
>    If I'm not mistaken, this breaks out:
>    > exec('open("out", "w").write("a")', {})
>    because if the second argument of exec does not contain a __builtins__
>    key, then a copy of the original builtins module is inserted:
>    https://docs.python.org/3/library/functions.html#exec

Ah, that's a good point. I did think allowing eval/exec was a bit
ambitious. I've updated it to disallow passing namespace arguments to
them.
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
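
The behaviour described in the quoted message, and one way the "disallow passing namespace arguments" rule could be checked, as an added example that is not code from the thread or from the sandbox under discussion. All function and class names are hypothetical, and the AST check is an assumed implementation of the rule, not the author's.

```python
import ast

def builtins_inserted(ns):
    """Run a harmless statement in ns; report whether exec added __builtins__."""
    exec("x = 1", ns)
    return "__builtins__" in ns

def open_reachable(ns):
    """True if code executed in ns can resolve the name 'open'."""
    try:
        exec("f = open", ns)  # only looks the name up, never calls it
        return True
    except NameError:
        return False

class NamespaceArgChecker(ast.NodeVisitor):
    """Flags direct eval/exec calls that pass a globals or locals argument.

    Assumption: the rule is enforced on source text before it runs. The check
    is name-based, so it only sees calls spelled literally as eval(...) or
    exec(...); any keyword argument is treated as a namespace argument.
    """
    def __init__(self):
        self.violations = []

    def visit_Call(self, node):
        if isinstance(node.func, ast.Name) and node.func.id in ("eval", "exec"):
            if len(node.args) > 1 or node.keywords:
                self.violations.append((node.lineno, node.func.id))
        self.generic_visit(node)

def find_namespace_args(source):
    """Return (line, function) pairs for eval/exec calls given a namespace."""
    checker = NamespaceArgChecker()
    checker.visit(ast.parse(source))
    return checker.violations

# Constructed sample: line 1 is the call quoted in the thread (parsed, never
# executed here); line 2 is an eval call without a namespace argument.
SAMPLE = '''exec('open("out", "w").write("a")', {})
eval("1 + 1")
'''

if __name__ == "__main__":
    print("builtins inserted into {}:", builtins_inserted({}))
    print("open reachable via {}:", open_reachable({}))
    print("open reachable via {'__builtins__': {}}:",
          open_reachable({"__builtins__": {}}))
    print("flagged calls:", find_namespace_args(SAMPLE))
```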