Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #27242

Re: remote read eval print loop

Show all headers | View raw

On Fri, Aug 17, 2012 at 11:28 PM, Eric Frederich
<eric.frederich@gmail.com> wrote:
> Within the debugging console, after importing all of the bindings, there
> would be no reason to import anything whatsoever.
> With just the bindings I created and the Python language we could do
> meaningful debugging.
> So if I block the ability to do any imports and calls to eval I should be
> safe right?

Nope. Python isn't a secured language in that way. I tried the same
sort of thing a while back, but found it effectively impossible. (And
this after people told me "It's not possible, don't bother trying". I
tried anyway. It wasn't possible.)

If you really want to do that, consider it equivalent to putting an
open SSH session into your debugging console. Would you give that much
power to your application's users? And if you would, is it worth
reinventing SSH?

ChrisA

Back to comp.lang.python | Previous | Next — Previous in thread | Find similar | Unroll thread

Thread

Re: remote read eval print loop Chris Angelico <rosuav@gmail.com> - 2012-08-17 08:43 +1000
  Re: remote read eval print loop Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-08-17 02:27 +0000
    Re: remote read eval print loop Alister <alister.ware@ntlworld.com> - 2012-08-17 06:38 +0000
    Re: remote read eval print loop Chris Angelico <rosuav@gmail.com> - 2012-08-17 17:25 +1000
      Re: remote read eval print loop rusi <rustompmody@gmail.com> - 2012-08-17 04:09 -0700
        Re: remote read eval print loop Chris Angelico <rosuav@gmail.com> - 2012-08-18 00:06 +1000

csiph-web