Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #15969

Re: Server Questions (2 of them)

From Hrvoje Niksic <hniksic@xemacs.org>
Newsgroups comp.lang.python
Subject Re: Server Questions (2 of them)
Date 2011-11-20 22:44 +0100
Organization B.net Hrvatska d.o.o.
Message-ID <8762iesc3q.fsf@xemacs.org> (permalink)
References <4c5cedc5-65e4-4bca-a7fe-7afffde79c88@s6g2000vbc.googlegroups.com>

Show all headers | View raw


Andrew <andrew.chapkowski@gmail.com> writes:

> How to do you create a server that accepts a set of user code?
[...]

Look up the "exec" statement, the server can use it to execute any code
received from the client as a string.

Note "any code", though; exec runs in no sandbox and if a malicious
client defines addition(1, 2) to execute os.system('sudo rm -rf /'), the
server will happily do just that.

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

Server Questions (2 of them) Andrew <andrew.chapkowski@gmail.com> - 2011-11-20 12:02 -0800
  Re: Server Questions (2 of them) Chris Angelico <rosuav@gmail.com> - 2011-11-21 08:34 +1100
  Re: Server Questions (2 of them) Hrvoje Niksic <hniksic@xemacs.org> - 2011-11-20 22:44 +0100
    Re: Server Questions (2 of them) Christian Heimes <lists@cheimes.de> - 2011-11-21 01:27 +0100
      Re: Server Questions (2 of them) alex23 <wuwei23@gmail.com> - 2011-11-20 20:26 -0800
  Re: Server Questions (2 of them) Nizamov Shawkat <nizamov.shawkat@gmail.com> - 2011-11-21 07:28 +0100

csiph-web