Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #41114

Re: Running external module and accessing the created objects

Path csiph.com!usenet.pasdenom.info!weretis.net!feeder4.news.weretis.net!rt.uk.eu.org!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path <davea@davea.name>
X-Original-To python-list@python.org
Delivered-To python-list@mail.python.org
X-Spam-Status OK 0.008
X-Spam-Evidence '*H*': 0.98; '*S*': 0.00; 'bash': 0.07; 'exec': 0.07; 'scripts': 0.09; 'python': 0.09; '-rf': 0.09; 'script,': 0.09; 'subject:module': 0.09; "hasn't": 0.15; 'exactly?': 0.16; 'setuid': 0.16; 'sources.': 0.16; 'subject:accessing': 0.16; 'subject:created': 0.16; 'wrote:': 0.17; 'script.': 0.17; 'shell': 0.18; 'import': 0.21; 'script': 0.24; 'header:In-Reply-To:1': 0.25; 'header:User-Agent:1': 0.26; 'creating': 0.26; 'am,': 0.27; 'run': 0.28; 'mind,': 0.29; "they'll": 0.29; 'things,': 0.29; 'running': 0.32; 'to:addr:python-list': 0.33; 'data,': 0.35; 'pm,': 0.35; 'michael': 0.36; 'possible': 0.37; 'two': 0.37; 'subject:: ': 0.38; 'to:addr:python.org': 0.39; 'received:192': 0.39; 'received:192.168': 0.40; 'your': 0.60; 'most': 0.61; 'different': 0.63; 'more': 0.63; 'dangerous': 0.66; 'soon': 0.70; 'received:74.208': 0.71; 'slope': 0.84; 'angel': 0.93
Date Tue, 12 Mar 2013 07:20:07 -0400
From Dave Angel <davea@davea.name>
User-Agent Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130221 Thunderbird/17.0.3
MIME-Version 1.0
To python-list@python.org
Subject Re: Running external module and accessing the created objects
References <mailman.3110.1362798411.2939.python-list@python.org> <513aecd3$0$6512$c3e8da3$5496439d@news.astraweb.com> <khlr16$lr0$1@ger.gmane.org> <513E7B6B.5070608@davea.name> <513EA973.7000705@gmail.com>
In-Reply-To <513EA973.7000705@gmail.com>
Content-Type text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding 7bit
X-Provags-ID V02:K0:UvvHbqBFnt/MOh133egFwT5+rB6VXqkJr8lJoVbvLo8 HrpVVh2bhDhk77JSPcr4oa3K2nZxmthaYXuSzN0jnvfD1rGgKO B9bOa5qD9eY60HMlYvQRjJWSyR+h4iGqnD1yDyQEy+FVdgE8lY 2MDT0XlWBanTDiP/wh1DCKcZVusWdr5jFEN1RtsLzaFHGI/Hy/ lwqTqGQeK+LCn9EUcGmhFSP9rJX6F3PqH9fi039QXaZmossbLh tIsnno//NNSIFRBrVq6yeexdNV4ta3QNPHpzvX34wT5KlutH97 ep3uO//OIB1O3S00N7beCgpjKe70sAHngtmjQ/Cj7b8U4MFqg= =
X-BeenThere python-list@python.org
X-Mailman-Version 2.1.15
Precedence list
List-Id General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive <http://mail.python.org/pipermail/python-list/>
List-Post <mailto:python-list@python.org>
List-Help <mailto:python-list-request@python.org?subject=help>
List-Subscribe <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups comp.lang.python
Message-ID <mailman.3221.1363087228.2939.python-list@python.org> (permalink)
Lines 22
NNTP-Posting-Host 2001:888:2000:d::a6
X-Trace 1363087228 news.xs4all.nl 6883 [2001:888:2000:d::a6]:59208
X-Complaints-To abuse@xs4all.nl
Xref csiph.com comp.lang.python:41114

Show key headers only | View raw

On 03/12/2013 12:05 AM, Michael Torrie wrote:
> On 03/11/2013 06:48 PM, Dave Angel wrote:
>> I hope you're just kidding.  execfile() and exec() are two of the most
>> dangerous mechanisms around.  import or __import__() would be much
>> better, as long as your user hasn't already run myapp.py as his script.
>
> It's not possible to setuid a python script, so I don't see how execfile
> or exec is any more dangerous than the user creating a shell script that
> rm -rf * things, and then running it.
>
> Bash "exec's" scripts all the time that users create and provide.  How
> is this different and what issues did you have in mind, exactly?
>

Mainly that exec and execfile are a slippery slope for a new programmer. 
  Once as they get it in their minds that this is the way to do things, 
they'll soon fall into using one of them on raw_input() data, on network 
data, and on other untrusted sources.


-- 
DaveA

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Running external module and accessing the created objects  Kene Meniru <Kene.Meniru@illom.org> - 2013-03-08 22:06 -0500
  Re: Running external module and accessing the created objects Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-03-09 08:03 +0000
    Re: Running external module and accessing the created objects Kene Meniru <Kene.Meniru@illom.org> - 2013-03-09 06:05 -0500
      Re: Running external module and accessing the created objects Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-03-09 11:34 +0000
    Re: Running external module and accessing the created objects Chris Angelico <rosuav@gmail.com> - 2013-03-09 22:47 +1100
    Re: Running external module and accessing the created objects Dave Angel <davea@davea.name> - 2013-03-09 07:02 -0500
    Re: Running external module and accessing the created objects Kene Meniru <Kene.Meniru@illom.org> - 2013-03-09 10:34 -0500
      Re: Running external module and accessing the created objects Rick Johnson <rantingrickjohnson@gmail.com> - 2013-03-09 08:51 -0800
        Re: Running external module and accessing the created objects Kene Meniru <Kene.Meniru@illom.org> - 2013-03-09 12:21 -0500
          Re: Running external module and accessing the created objects Rick Johnson <rantingrickjohnson@gmail.com> - 2013-03-09 10:33 -0800
    Re: Running external module and accessing the created objects Dave Angel <davea@davea.name> - 2013-03-09 11:12 -0500
    Re: Running external module and accessing the created objects Kene Meniru <Kene.Meniru@illom.org> - 2013-03-09 11:56 -0500
    Re: Running external module and accessing the created objects Dave Angel <davea@davea.name> - 2013-03-09 12:20 -0500
    Re: Running external module and accessing the created objects Kene Meniru <Kene.Meniru@illom.org> - 2013-03-09 12:39 -0500
    Re: Running external module and accessing the created objects Kene Meniru <Kene.Meniru@illom.org> - 2013-03-09 13:18 -0500
    Re: Running external module and accessing the created objects Kene Meniru <Kene.Meniru@illom.org> - 2013-03-11 19:57 -0400
      Re: Running external module and accessing the created objects Rick Johnson <rantingrickjohnson@gmail.com> - 2013-03-11 23:40 -0700
    Re: Running external module and accessing the created objects Dave Angel <davea@davea.name> - 2013-03-11 20:48 -0400
    Re: Running external module and accessing the created objects Kene Meniru <Kene.Meniru@illom.org> - 2013-03-11 21:23 -0400
    Re: Running external module and accessing the created objects Kene Meniru <Kene.Meniru@illom.org> - 2013-03-11 21:58 -0400
    Re: Running external module and accessing the created objects Dave Angel <davea@davea.name> - 2013-03-11 22:16 -0400
    Re: Running external module and accessing the created objects Dave Angel <davea@davea.name> - 2013-03-11 22:11 -0400
    Re: Running external module and accessing the created objects Michael Torrie <torriem@gmail.com> - 2013-03-11 22:05 -0600
    Re: Running external module and accessing the created objects Dave Angel <davea@davea.name> - 2013-03-12 07:20 -0400
    Re: Running external module and accessing the created objects Kene Meniru <kemeniru@gmail.com> - 2013-03-12 13:38 +0000
    Re: Running external module and accessing the created objects Kene Meniru <kemeniru@gmail.com> - 2013-03-12 13:28 +0000

csiph-web