On Sat, 4 Dec 2004, Chad Crabtree wrote:

> Marilyn Davis wrote:
>
> >Thank you. You guys are great.
> >
> >I was trying to eval("import %s" % something).
> >
> >exec("import %s" % something) works just fine and now I understand why.
> >
> >But, why is this so extremely dangerous?
> >
> >Marilyn
>
> Mainly it's only extremely dangerous if it's going to be attacked at
> all. What I mean is it will run any code that it imports this way, even
> untrusted code (possibly). Mostly I think that it's difficult to debug,
> however if it works you should use it. It seems that many people do
> this at one point or another, and considered I guess inelegant by some.
> If security is an issue then this is a very big no no according to what
> I've heard.

And Alan said:

> But much better to use the __import__() function for doing that if
> possible... Or simply importing all the modules you might need at the
> beginning, it's not a big overhead...
>
> Alan G.

There's something about this that I'm not getting. Is it more dangerous than having the python interpreter around?

Users will have access to our machine via the web and via email. We want to be safe against attack.

As I understand it, Apache has modpython, so it runs all the python code that happens, no matter how many users, with only one copy of the interpreter in memory. It's sort of a big exec-machine, isn't it?

I want to do the same trick for my Mail Transfer Agent, exim. Exim has a new feature where you can configure it to talk to an AF_UNIX socket to get any info it needs. An AF_UNIX socket is file-based and is not open for outside machines to connect to. So I made a little python program with a socket and threads so that exim can call the various python programs that I've written for sorting out mail.

I don't want to introduce insecurity. But also I want to really understand what the problem is -- especially because I teach python.

And I can't see the security problem, unless there's a security problem already, like if I allowed incoming email to dictate the parameters that I send through the socket. The email provides data for argv[1:] but argv[0] is hard-coded.

And I don't see how web traffic can get there at all.

If we had real users with login rights, then they could get to the interpreter and wouldn't need my little daemon to wreak havoc -- if I had my permissions wrong.

So what am I missing?

Thank you for your help.

Marilyn
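
The difference the thread is circling, as an added example that is not part of the original messages: `exec("import %s" % name)` turns the name into source code, while an import function treats it as data. It is written for Python 3, and the allowlist contents and the crafted input are constructed for illustration.

```python
import importlib

# Constructed allowlist: the only modules a request is permitted to name.
ALLOWED_MODULES = {"json", "base64", "email.utils"}


def unsafe_import(name, namespace):
    """The pattern from the thread: the name is pasted into source and executed."""
    exec("import %s" % name, namespace)


def safe_import(name):
    """Treat the name as data: check the allowlist first, then import.

    The allowlist matters even without exec, because importing a module
    runs that module's top-level code.
    """
    if name not in ALLOWED_MODULES:
        raise ValueError("module not permitted: %r" % (name,))
    return importlib.import_module(name)


def demo():
    # Constructed input: a valid module name followed by a second statement.
    # The harmless assignment stands in for any statement a sender could append.
    crafted = "json; marker = 'extra statement ran'"

    ns = {}
    unsafe_import(crafted, ns)
    exec_ran_extra = ns.get("marker") == "extra statement ran"

    # An import function never parses the string as code: it just fails to
    # find a module with that odd name.
    try:
        importlib.import_module(crafted)
        import_func_failed = False
    except ImportError:
        import_func_failed = True

    try:
        safe_import(crafted)
        allowlist_rejected = False
    except ValueError:
        allowlist_rejected = True

    return exec_ran_extra, import_func_failed, allowlist_rejected


if __name__ == "__main__":
    print(demo())
```

Whether this matters for a given daemon depends on whether any part of the imported name can come from outside input, such as mail headers or socket parameters.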