Ben Finney <ben+pyt...@benfinney.id.au> wrote:

>Chris Angelico <ros...@gmail.com> writes:
>
>> import base64; exec(…)
>
>That's all I need to know. Code with ‘exec()’ calls, I consider unsafe
>by default.

Indeed. Replacing exec with print...

>>> print(base64.b64decode(b"eD0neD0lcjsgZXhlYyh4JSV4KSc7IGV4ZWMoeCV4KQ=="))
x='x=%r; exec(x%%x)'; exec(x%x)

so, discarding that second exec...

>>> x='x=%r; exec(x%%x)'
>>> print(x)
x=%r; exec(x%%x)

So it recurses, and if that second exec had been left in then it would be
a fork bomb.
-- 
https://mail.python.org/mailman/listinfo/python-list
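
An added example, not part of the original post: the same "replace exec with print" inspection done statically with `ast`, so nothing is ever executed, and repeated on each decoded layer. The base64 literal is the one from the message; the `exec(base64.b64decode(...))` wrapper in `SAMPLE` and the name `peel_exec_layers` are assumptions.

```python
import ast
import base64
import binascii

DYNAMIC = {"exec", "eval"}                      # builtins that run a string as code
DECODERS = {"base64.b64decode", "b64decode"}    # decoder spellings recognised here

def _call_name(node):
    """Dotted name of a call target, e.g. 'exec' or 'base64.b64decode'."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return None

def _decode_literal(node):
    """Decoded text if node is b64decode(<str/bytes literal>), else None."""
    if not (isinstance(node, ast.Call) and _call_name(node) in DECODERS and node.args):
        return None
    arg = node.args[0]
    if not (isinstance(arg, ast.Constant) and isinstance(arg.value, (str, bytes))):
        return None
    try:
        return base64.b64decode(arg.value, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None

def peel_exec_layers(source, depth=0, max_depth=5):
    """Parse only, never execute. Returns [(depth, lineno, payload_or_None)]."""
    findings = []
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return findings
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _call_name(node) in DYNAMIC:
            # payload is None when the argument is not a decodable literal
            payload = _decode_literal(node.args[0]) if node.args else None
            findings.append((depth, node.lineno, payload))
            if payload is not None and depth < max_depth:
                findings += peel_exec_layers(payload, depth + 1, max_depth)
    return findings

# Constructed sample: literal taken from the post, wrapper assumed.
SAMPLE = ('import base64; '
          'exec(base64.b64decode(b"eD0neD0lcjsgZXhlYyh4JSV4KSc7IGV4ZWMoeCV4KQ=="))')

if __name__ == "__main__":
    for d, line, payload in peel_exec_layers(SAMPLE):
        print("  " * d + f"layer {d}, line {line}: {payload!r}")
```

A `None` payload marks a dynamic call whose argument is built at run time (here `exec(x%x)`), which static decoding cannot resolve and which needs manual review.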