d0753e20b256057a6320e95e43974f053f4123f1 - platform/external/python/cpython2

commit	d0753e20b256057a6320e95e43974f053f4123f1	[log] [tgz]
author	Guido van Rossum <guido@python.org>	Wed Dec 10 22:59:55 1997 +0000
committer	Guido van Rossum <guido@python.org>	Wed Dec 10 22:59:55 1997 +0000
tree	16b8823424a3726cbcd52b7f68f47318599c2631
parent	90d62ab0a175b8f3451ee74f29d5de83650e2292 [diff]

At Barry's suggestion, plug the security leak by using an empty
__builtins__ for all calls to eval().  This still allows someone to
write string.atof("[1]*1000000") (which Jim Fulton worries about) but
effectively disables access to system modules and functions.

Lib/string.py[diff]
Lib/stringold.py[diff]

2 files changed

tree: 16b8823424a3726cbcd52b7f68f47318599c2631

Demo/
Doc/
Grammar/
Include/
Lib/
Mac/
Misc/
Modules/
Objects/
Parser/
PC/
PCbuild/
Python/
Tools/
.hgtags
acconfig.h
config.h.in
configure
configure.in
install-sh
Makefile.in
README