From: Michael Torrie
Date: Fri, 04 Jan 2013 09:05:23 -0700
To: python-list@python.org
Newsgroups: comp.lang.python
Subject: Re: Yet another attempt at a safe eval() call

On 01/04/2013 08:53 AM, Grant Edwards wrote:
> That's obviously the "right" thing to do. I suppose I should figure
> out how to use the ast module.

Or PyParsing.

As for your program being "secure" I don't see that there's much to exploit. You're not running as a service, and you're not running your assembler as root, called from a normal user. The user has your code and can "exploit" it anytime he wants.