[Zope3-checkins] CVS: Zope3/src/zope/security - interpreter.py:1.2
Guido van Rossum
guido@python.org
Mon, 10 Mar 2003 11:48:51 -0500
Update of /cvs-repository/Zope3/src/zope/security
In directory cvs.zope.org:/tmp/cvs-serv2225
Modified Files:
interpreter.py
Log Message:
Add XXX comments.
Move the assignment to __builtins__ into ri_exec() to prevent a known
attack.
=== Zope3/src/zope/security/interpreter.py 1.1 => 1.2 ===
--- Zope3/src/zope/security/interpreter.py:1.1 Mon Dec 30 22:35:13 2002
+++ Zope3/src/zope/security/interpreter.py Mon Mar 10 11:48:48 2003
@@ -11,22 +11,22 @@
# FOR A PARTICULAR PURPOSE
#
##############################################################################
-"""
+"""Restricted interpreter.
+
+XXX This code is not used! Before using it, a serious security review
+should be undertaken.
-Revision information:
$Id$
"""
-import sys
-
-from zope.security.proxy import ProxyFactory
from zope.security.builtins import RestrictedBuiltins
class RestrictedInterpreter:
def __init__(self):
- self.globals = {'__builtins__' : RestrictedBuiltins}
+ self.globals = {}
def ri_exec(self, code):
- # what is the type of code?
+ # XXX What is the type of code?
+ self.globals['__builtins__'] = RestrictedBuiltins
exec code in self.globals
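Review bot: The new `self.globals['__builtins__'] = RestrictedBuiltins` line in ri_exec() has no comment saying why it must run on every call, so a later cleanup could move it back into __init__ and undo the fix; the commit message mentions a known attack but the code does not. I would add above it `# Reset on every call: previously executed code may have rebound __builtins__ in self.globals.` (presumably the attack meant; confirm with the author). The reset covers only that one key: every other name left in self.globals by an earlier ri_exec() persists into later calls, and the dict remains a public attribute, so isolating calls from each other would need a fresh globals dict per call. The `# XXX What is the type of code?` question is also still open; a docstring on ri_exec() should state whether source strings, code objects or both are accepted.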