On 03/11/2013 06:48 PM, Dave Angel wrote:
> I hope you're just kidding.  execfile() and exec() are two of the most 
> dangerous mechanisms around.  import or __import__() would be much 
> better, as long as your user hasn't already run myapp.py as his script.

It's not possible to setuid a python script, so I don't see how execfile
or exec is any more dangerous than the user creating a shell script that
rm -rf * things, and then running it.

Bash "exec's" scripts all the time that users create and provide.  How
is this different and what issues did you have in mind, exactly?
-- 
http://mail.python.org/mailman/listinfo/python-list
