
Re: use of exec()

Newsgroups comp.lang.python
Date Fri, 19 Oct 2012 16:43:40 -0700 (PDT)
Subject Re: use of exec()
From lars van gemerden <lars@rational-it.com>
Message-ID <mailman.2542.1350690230.27098.python-list@python.org> (permalink)


On Thursday, October 18, 2012 5:16:50 PM UTC+2, Chris Angelico wrote:
> On Fri, Oct 19, 2012 at 2:00 AM, lars van gemerden <lars@rational-it.com> wrote:
> > I get your point, since in this case having the custom code option makes the system a whole lot less complex and flexible, I will leave the option in. The future customer will be informed that they should handle the security around the designers as if they were programmers. Additionally I will probably add some screening for unwanted keywords (like 'import') and securely log any new/changed custom code including the designer account (must do that for other actions anyway).
>
> That sounds like a reasonable implementation of Layer Eight security.
> As long as everyone understands that this code can do ANYTHING, you'll
> be fine.
>
> You may want to add some other programmatic checks, though; for
> instance, a watchdog timer in case the code gets stuck in an infinite
> loop, or a memory usage limit, or somesuch. Since you're no longer
> worrying about security, this sort of thing will be fairly easy, and
> will be just to help catch common errors.
>
> ChrisA

Do you have any ideas about to what extent the "lambda" version of the code (custom code is only the 'body' of the lambda function) has the same issues?

Cheers, Lars 
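
An added example, not part of the original post or the thread's code: it compares the keyword screening mentioned above with an AST walk over a lambda body, and runs the body under a watchdog timer in a child interpreter. `ALLOWED_NAMES`, the function names and the sample bodies are assumptions constructed for illustration; the screen only reports what it sees in the expression and is not a sandbox.

```python
import ast
import subprocess
import sys

# Assumed policy for this example: names a designer's lambda body may use.
ALLOWED_NAMES = {"x", "abs", "min", "max", "round", "len"}

def keyword_screen(body):
    """Substring screening as described in the thread: reject 'import'."""
    return "import" not in body

def ast_screen(body):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        tree = ast.parse("lambda x: " + body, mode="eval")
    except SyntaxError as exc:
        return ["syntax error: %s" % exc.msg]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Name) and node.id not in ALLOWED_NAMES:
            findings.append("name not allowed: " + node.id)
        elif isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            findings.append("private attribute: " + node.attr)
    return findings

def run_with_watchdog(body, arg, seconds=5.0):
    """Evaluate the lambda in a child interpreter and kill it on timeout."""
    code = "print(repr((lambda x: %s)(%r)))" % (body, arg)
    try:
        done = subprocess.run([sys.executable, "-c", code],
                              capture_output=True, text=True, timeout=seconds)
    except subprocess.TimeoutExpired:
        return ("timeout", None)
    if done.returncode != 0:
        # Last traceback line names the exception the body raised.
        return ("error", done.stderr.strip().splitlines()[-1])
    return ("ok", done.stdout.strip())

# Constructed sample bodies, not taken from the thread.
SAMPLES = ["x * 2 + 1", "open('report.txt', 'w')", "x.__class__", "max(x, 10)"]

if __name__ == "__main__":
    for body in SAMPLES:
        print(repr(body), keyword_screen(body), ast_screen(body))
    print(run_with_watchdog("x * 2 + 1", 20))
    # A body that never returns: the watchdog ends it after one second.
    print(run_with_watchdog("sum(iter(int, 1))", 0, seconds=1.0))
```

The second sample passes the keyword screen because it contains no `import`, while the AST walk flags the call to `open`: a lambda body is still an arbitrary expression with access to every builtin.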

Thread

use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 04:41 -0700
  Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-18 22:49 +1100
    Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 07:07 -0700
      Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-19 01:29 +1100
        Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 08:00 -0700
          Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-19 02:16 +1100
            Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-19 16:43 -0700
              Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-20 13:00 +1100
                Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-20 03:41 -0700