"Kent Johnson" <[EMAIL PROTECTED]> wrote
This works just as well:
s = '__import__("os").system("rm -rf /")'


I don't think it would since the eval would call tuple
which would return a tuple of characters which would
not unpack into x,y so throwing an error.

Care to try it? It does raise an exception but not until after the
import expression is evaluated and the damage is done.

Rats, so it does!
My initial test didn't fail because I put the literal string into the tuple() call but when you use the string addition you lose the quotes. But then you need to lose the quotes for the eval of the list to work too so just adding quotes doesn't work either.

Pity, I've used that technique with Lisp and it's been OK but obviously not with Python. Back to the drawing board!

Thanks for keeping me straight Kent! (and John)

Alan G.

_______________________________________________
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
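
An added example, not part of the original thread: it shows that eval() runs the whole expression before the unpack into x, y can fail, and one way to parse the pair with ast.literal_eval instead. The function names and the harmless `log(...)` stand-in string are constructed for illustration.

```python
import ast

def parse_pair_unsafe(text, namespace):
    """The pattern from the thread: eval the text, then unpack into x, y."""
    x, y = eval(text, namespace)  # the expression runs in full before the unpack is attempted
    return x, y

def parse_pair_safe(text):
    """Accept only a literal pair of numbers; nothing in the text is ever called."""
    try:
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError) as exc:
        raise ValueError("not a literal: %r" % text) from exc
    if not isinstance(value, (tuple, list)) or len(value) != 2:
        raise ValueError("expected two values: %r" % text)
    if not all(isinstance(v, (int, float)) and not isinstance(v, bool) for v in value):
        raise ValueError("expected numbers: %r" % text)
    return value[0], value[1]

def demo_side_effect():
    """Constructed, harmless stand-in for the thread's string: it only appends to a list."""
    calls = []
    try:
        parse_pair_unsafe('log("ran")', {"log": calls.append})
    except TypeError:
        pass  # unpacking None fails, but only after log() has already run
    return calls

# The string from the thread; it is only handed to the literal parser, never to eval().
THREAD_STRING = '__import__("os").system("rm -rf /")'

def thread_string_rejected():
    """True if the safe parser refuses the thread's string without evaluating it."""
    try:
        parse_pair_safe(THREAD_STRING)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print(demo_side_effect())
    print(parse_pair_safe("3, 4"))
    print(thread_string_rejected())
```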
