From: Terry Reedy
Subject: Re: dict to boolean expression, how to?
Date: Fri, 01 Aug 2014 18:16:54 -0400
Newsgroups: comp.lang.python
In-Reply-To: <53dbabee$0$29986$c3e8da3$5496439d@news.astraweb.com>

On 8/1/2014 11:02 AM, Steven D'Aprano wrote:
> On Fri, 01 Aug 2014 09:32:36 -0400, Roy Smith wrote:
>
>> In article <53db95e6$0$29986$c3e8da3$5496439d@news.astraweb.com>,
>> Steven D'Aprano wrote:
>>
>>> eval is almost never the right solution to any problem, and in the very
>>> few exceptions, it needs careful handling by an expert to ensure you're
>>> not introducing serious security bugs.
>>
>> Corollary to that rule: All the people who are smart enough to actually
>> understand how to use eval() safely, are also smart enough to know not
>> to use it.

Eval is a specialized version of exec. Everything you do on a computer is
evaluating and executing code. Here is a highly simplified version of a
Python interpreter:

    user_program = get_user_python_code()
    __main__ = make_global_namespace()
    exec(user_program, __main__, __main__)

CPython codes an expansion of the above in C. Idle uses an expansion of
the above to do the same thing. The threat model is executing code from
someone who does not have physical access to a machine to just run code
and who should not be trusted.

> ... smart enough to know WHEN to use it (which is *rarely*).
>
> That's in production code, of course. There's nothing wrong with using
> eval in the interactive interpreter for quick and dirty exploration. But
> even then, I find that it's usually easier to write a line or two of
> Python code to process something than to try using eval.
>
> There are uses for eval (or exec), even in production code. See
> collections.namedtuple, doctest, and timeit, for example. In the first
> place, namedtuple takes extra care to sanitise the data being used. In
> the case of doctest and timeit, the whole point of them is to run trusted
> code. If you can't trust your own code that you're timing, what can you
> trust?

Exactly. If someone can start Python or Idle on a machine, they can start
Windows Explorer and Command Prompt.

Idle exec's user code because emulating the interactive interpreter is
part of its purpose. It sometimes evals expressions within user code in
response to user requests.

--
Terry Jan Reedy
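Steven's point in the quoted reply is that a line or two of Python usually beats reaching for eval, and the thread's subject is evaluating a boolean expression against a dict. The following is an added example, not code from any poster in the thread: a restricted evaluator built on the standard ast module that walks the parsed expression and accepts only literals, names bound in the supplied dict, and/or/not, and comparison chains. Calls, attribute access, subscripts and every other node type are rejected up front instead of being executed, which is the property eval cannot give you. The function names, the UnsafeExpression class and the SAMPLE_ENV bindings are assumptions of this example.

```python
import ast
import operator

# Constructed sample input: a dict of variable bindings that a user-supplied
# boolean expression is allowed to refer to by name.
SAMPLE_ENV = {"a": True, "b": False, "x": 3, "y": 10}

# Allowed boolean combinators and comparison operators (hypothetical whitelist).
_BOOL_OPS = {ast.And: all, ast.Or: any}
_CMP_OPS = {
    ast.Eq: operator.eq, ast.NotEq: operator.ne,
    ast.Lt: operator.lt, ast.LtE: operator.le,
    ast.Gt: operator.gt, ast.GtE: operator.ge,
}


class UnsafeExpression(ValueError):
    """Raised when the expression uses anything outside the allowed subset."""


def safe_bool_eval(expr: str, env: dict) -> bool:
    """Evaluate a boolean/comparison expression over `env` without eval().

    Parsing with mode="eval" guarantees a single expression; the walk below
    then refuses every node type that is not explicitly permitted.
    """
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as e:
        raise UnsafeExpression(f"not a valid expression: {e.msg}") from None
    return bool(_walk(tree.body, env))


def _walk(node, env):
    # Literals (numbers, strings, True/False/None) pass through unchanged.
    if isinstance(node, ast.Constant):
        return node.value
    # Names resolve only against the caller-supplied dict, never globals/builtins.
    if isinstance(node, ast.Name):
        if node.id not in env:
            raise UnsafeExpression(f"unknown name {node.id!r}")
        return env[node.id]
    # `and` / `or`: all()/any() over a generator keeps short-circuit behaviour.
    if isinstance(node, ast.BoolOp):
        combine = _BOOL_OPS[type(node.op)]
        return combine(_walk(v, env) for v in node.values)
    # `not` is the only unary operator accepted.
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        return not _walk(node.operand, env)
    # Comparison chains such as `x < y <= 10`, evaluated pairwise like Python does.
    if isinstance(node, ast.Compare):
        left = _walk(node.left, env)
        for op, right_node in zip(node.ops, node.comparators):
            fn = _CMP_OPS.get(type(op))
            if fn is None:
                raise UnsafeExpression(f"operator {type(op).__name__} not allowed")
            right = _walk(right_node, env)
            if not fn(left, right):
                return False
            left = right
        return True
    # Anything else (Call, Attribute, Subscript, Lambda, ...) is refused.
    raise UnsafeExpression(f"{type(node).__name__} not allowed")


if __name__ == "__main__":
    for text in ("a and not b", "x < y <= 10", "x > y or b", "len(x)", "a.__class__"):
        try:
            print(f"{text!r:16} -> {safe_bool_eval(text, SAMPLE_ENV)}")
        except UnsafeExpression as err:
            print(f"{text!r:16} -> rejected: {err}")
```

The whitelist approach inverts eval's default: the evaluator knows nothing about the interpreter's builtins or the caller's namespace, so an expression that is not made purely of names from the dict, literals and the listed operators fails closed with UnsafeExpression before any value is computed. Extending it to arithmetic would mean adding ast.BinOp with a matching operator table, deliberately, rather than loosening the fallback.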