On Fri, 18 Aug 2006 11:45:05 -0700, Andy Terrel wrote:

> Here is an easy hack; I don't know if there is an explicit function.
> 
> 
> for i in dir():
>     if eval(i) == Banana:
>         print(i)


Let's just hope that there is no way for black-hats to remotely inject
code objects into your namespace:

>>> class Killer:
...     def __repr__(self):
...             import os
...             os.system('echo Do something evil...')
...             return "Your system is 0wn3d" 
...
>>> x = Killer()

Now x is sitting there in your namespace like a mine, just waiting for
you to call eval('x').

Okay, so maybe it isn't the most likely security threat in the universe,
but it is a reminder that eval() can have side-effects. In this specific
instance, if repr() has a side-effect (e.g. an object that knows how many
times it has been printed), so will your code. That's probably not a good
thing to do.



-- 
Steven D'Aprano 

-- 
http://mail.python.org/mailman/listinfo/python-list
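
An eval-free way to answer the question in this thread, as an added example that is not part of the original post: it reads the namespace mapping and compares by identity, so neither `__repr__` nor `__eq__` of a stored object runs. `Noisy`, `names_of`, `names_of_by_eq` and the sample namespace are constructed for illustration; the code is Python 3.

```python
# Added example (not from the original thread): find the names bound to an
# object without eval(), __eq__ or __repr__ ever running.

class Noisy:
    """Constructed stand-in for an object whose dunder methods have side effects."""
    calls = []

    def __repr__(self):
        Noisy.calls.append("repr")
        return "<Noisy>"

    def __eq__(self, other):
        Noisy.calls.append("eq")
        return True  # claims to equal everything, so == gives false matches

    __hash__ = object.__hash__


def names_of(target, namespace):
    """Return the sorted names in `namespace` bound to exactly `target`.

    Reads the mapping directly and compares by identity (`is`), so no code
    belonging to the stored objects is executed.
    """
    return sorted(name for name, value in list(namespace.items())
                  if value is target)


def names_of_by_eq(target, namespace):
    """The thread's comparison without eval(): still runs __eq__ on stored objects."""
    return sorted(name for name, value in list(namespace.items())
                  if value == target)


def demo():
    class Banana:
        pass

    ns = {"Banana": Banana, "fruit": Banana, "x": Noisy(), "n": 3}
    Noisy.calls.clear()
    safe = names_of(Banana, ns)
    calls_after_safe = list(Noisy.calls)
    loose = names_of_by_eq(Banana, ns)
    return safe, calls_after_safe, loose, list(Noisy.calls)


if __name__ == "__main__":
    print(demo())
```

In a module, pass `globals()` (or `vars(obj)` for an object's attributes) as `namespace`.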
