Chris Withers wrote at 2008-2-8 11:14 +0000:
Dieter Maurer wrote:
It is easy to secure "eval":
    globs = {'__builtins__': {}}
    eval(s, globs, globs)
This ensures that "eval" cannot use any builtin functions -- especially, it cannot import anything.
I'm fairly sure this isn't enough
That you are fairly sure is not enough -- unless you show me an exploit....
- google for the bugs in python's rexec and bastion modules which led to them being deprecated...
I speak only about "eval" (not "exec" or "rexec" nor "bastion"). In the "eval" world, you only have expressions. And with the "__builtins__" above, you have no builtin functions, no classes, no types -- you have just the literals the parser can recognize: strings, integers, floats, None, lists, tuples, dicts, generators and the typical operators on them. You are able to construct huge objects and can cause denial of service. But this is possible even without "eval".... -- Dieter
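Added example (Python 3; not code from either participant) exercising the exact construction posted above, so the two positions in the exchange can be checked against the interpreter: builtins such as `__import__` and `len` are indeed unreachable, as Dieter says; attribute access on a plain literal still walks `().__class__.__base__.__subclasses__()` to real class objects, which is the kind of gap Chris is "fairly sure" exists; and `ast.literal_eval`, which accepts only the literal syntax Dieter describes, rejects both. The function names are mine; `restricted_eval` reproduces the posted snippet unchanged.

```python
"""Probe eval() with an empty __builtins__ versus ast.literal_eval().

Added illustration for the mailing-list exchange; the helper names
below are this example's own, not anything from the thread.
"""
import ast


def restricted_eval(s: str):
    """The construction from the post, kept exactly as posted:
    eval() with an empty __builtins__ dict as globals and locals."""
    globs = {'__builtins__': {}}
    return eval(s, globs, globs)


def builtin_blocked(s: str) -> bool:
    """True if the expression fails with NameError under restricted_eval,
    i.e. it tried to reach a builtin that the empty __builtins__ hides.
    This is the part of the claim that holds: __import__, len, open ...
    are simply not present in the name lookup."""
    try:
        restricted_eval(s)
    except NameError:
        return True
    return False


def reaches_classes(s: str) -> bool:
    """True if the expression, evaluated with no builtins at all, still
    produces a list containing at least one class object.  Attribute
    access on a literal needs no builtin name, so the object graph is
    still reachable even though no class or type name can be spelled."""
    result = restricted_eval(s)
    return isinstance(result, list) and any(isinstance(c, type) for c in result)


def literal_only(s: str):
    """Hardened form: ast.literal_eval parses the string and accepts only
    literal nodes (strings, numbers, tuples, lists, dicts, sets, booleans,
    None); attribute access, calls and bare names raise ValueError."""
    return ast.literal_eval(s)


def literal_rejects(s: str) -> bool:
    """True if ast.literal_eval refuses the expression."""
    try:
        ast.literal_eval(s)
    except (ValueError, SyntaxError):
        return True
    return False


if __name__ == "__main__":
    # Constructed sample expressions, one per point in the exchange.
    walk = "().__class__.__base__.__subclasses__()"
    print("__import__ blocked:", builtin_blocked("__import__('os')"))
    print("len blocked:", builtin_blocked("len([1, 2])"))
    print("literal arithmetic still works:", restricted_eval("[1, 2] + [3]"))
    print("subclass walk reaches classes:", reaches_classes(walk))
    print("literal_eval rejects the walk:", literal_rejects(walk))
    print("literal_eval accepts a dict literal:", literal_only("{'a': [1, 2.5, None]}"))
```

The practical takeaway for anyone who only needs the literals Dieter lists is that `ast.literal_eval` gives exactly that surface and nothing else; the denial-of-service point (a huge literal) applies to both approaches and is not addressed by either.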