Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #31652

Re: use of exec()

Path csiph.com!usenet.pasdenom.info!weretis.net!feeder1.news.weretis.net!feeder.erje.net!newsfeed.xs4all.nl!newsfeed5.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path <rosuav@gmail.com>
X-Original-To python-list@python.org
Delivered-To python-list@mail.python.org
X-Spam-Status OK 0.022
X-Spam-Evidence '*H*': 0.96; '*S*': 0.00; 'security.': 0.09; 'subject:()': 0.09; '(like': 0.15; '(must': 0.16; 'anyway).': 0.16; 'fine.': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'limit,': 0.16; 'oct': 0.16; 'programmatic': 0.16; 'programmers.': 0.16; 'screening': 0.16; 'wrote:': 0.17; 'instance,': 0.17; 'memory': 0.18; 'sort': 0.21; 'fairly': 0.21; 'header:In-Reply-To:1': 0.25; 'common': 0.26; 'leave': 0.26; 'am,': 0.27; 'designer': 0.27; 'errors.': 0.27; 'in.': 0.27; 'message-id:@mail.gmail.com': 0.27; 'loop,': 0.29; 'van': 0.29; 'probably': 0.29; 'fri,': 0.30; 'code': 0.31; 'gets': 0.32; 'point,': 0.33; 'handle': 0.33; 'to:addr:python-list': 0.33; 'everyone': 0.33; 'received:google.com': 0.34; 'received:209.85': 0.35; 'add': 0.36; 'actions': 0.36; 'should': 0.36; 'option': 0.37; 'received:209': 0.37; 'subject:: ': 0.38; 'some': 0.38; 'to:addr:python.org': 0.39; 'header:Received:5': 0.40; 'help': 0.40; 'your': 0.60; 'customer': 0.61; "you'll": 0.62; 'stuck': 0.65; 'account': 0.67; 'eight': 0.71; 'sounds': 0.71; 'designers': 0.75; 'informed': 0.75; 'flexible,': 0.84
DKIM-Signature v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=uxBjGDHhxuc61qOFdOL/NdkiNcgSzZ6pnEjX+pAfYQI=; b=dKdQA3G84h/xkdyOx/Y1nP5ikjdtU3nxCDjbDXoZnCfVPzTrXc7wybZajf4qNN3lAn Jz2GqHYUvqLFE75SP0CjINHM2T35ep+mzp1J1JzwCdiXS5/ZvCTc8JlxwUfXBZrd0RFs PezwLu64IMv2rsPvwv5ZjL2aGQTRtY1iYzY6vlE6Aw2ZHnQ1VTD1kxipHpDRvfNUL4hv 6zMli1VmlzaOajvkSCx0WFeyCfcR0q5XHFUUDpcnMGSDnP4MuDurIn3zNnv6VL7eIhVw 3EDgd5yGs/tHm02Q3lrME7YoF8gUo5vJfSpVxNR96Mnv1SFT4e9WogSQ5/oTRoau54WQ 89jg==
MIME-Version 1.0
In-Reply-To <2e5df7eb-7781-4c32-a9a7-088be940a4d3@googlegroups.com>
References <2f12fa83-54cc-4fc2-85e4-b8aebebf4242@googlegroups.com> <mailman.2425.1350560975.27098.python-list@python.org> <05702a47-ff6b-4589-8352-d21b1921e77e@googlegroups.com> <mailman.2438.1350570579.27098.python-list@python.org> <2e5df7eb-7781-4c32-a9a7-088be940a4d3@googlegroups.com>
Date Fri, 19 Oct 2012 02:16:46 +1100
Subject Re: use of exec()
From Chris Angelico <rosuav@gmail.com>
To python-list@python.org
Content-Type text/plain; charset=ISO-8859-1
Content-Transfer-Encoding quoted-printable
X-BeenThere python-list@python.org
X-Mailman-Version 2.1.15
Precedence list
List-Id General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive <http://mail.python.org/pipermail/python-list/>
List-Post <mailto:python-list@python.org>
List-Help <mailto:python-list-request@python.org?subject=help>
List-Subscribe <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups comp.lang.python
Message-ID <mailman.2446.1350573409.27098.python-list@python.org> (permalink)
Lines 21
NNTP-Posting-Host 2001:888:2000:d::a6
X-Trace 1350573409 news.xs4all.nl 6908 [2001:888:2000:d::a6]:35397
X-Complaints-To abuse@xs4all.nl
Xref csiph.com comp.lang.python:31652

Show key headers only | View raw

On Fri, Oct 19, 2012 at 2:00 AM, lars van gemerden <lars@rational-it.com> wrote:
> I get your point, since in this case having the custom code option makes the system a whole lot less complex and flexible, i will leave the option in. The future customer will be informed that they should handle the security around the designers as if they were programmers. Aditionally i will probably add some screening for unwanted keywords (like 'import') and securely log any new/changed custom code including the designer account (must do that for other actions anyway).

That sounds like a reasonable implementation of Layer Eight security.
As long as everyone understands that this code can do ANYTHING, you'll
be fine.

You may want to add some other programmatic checks, though; for
instance, a watchdog timer in case the code gets stuck in an infinite
loop, or a memory usage limit, or somesuch. Since you're no longer
worrying about security, this sort of thing will be fairly easy, and
will be just to help catch common errors.

ChrisA

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 04:41 -0700
  Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-18 22:49 +1100
    Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 07:07 -0700
      Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-19 01:29 +1100
        Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 08:00 -0700
          Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-19 02:16 +1100
            Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-19 16:43 -0700
              Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-20 13:00 +1100
                Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-20 03:41 -0700
                Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-20 03:41 -0700
            Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-19 16:43 -0700
        Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 08:00 -0700
    Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 07:07 -0700

csiph-web