Emanuele D'Arrigo write:
In what ways would the untrusted string be able to obtain the original, built-in open function and open a file for writing?
Yes, if you know some tricks:
[cls for cls in object.__subclasses__() if cls.__name__ == 'file'][0]
<type 'file'> Christian -- http://mail.python.org/mailman/listinfo/python-list
