commit | d0753e20b256057a6320e95e43974f053f4123f1 | |
---|---|---|
author | Guido van Rossum <guido@python.org> | Wed Dec 10 22:59:55 1997 +0000 |
committer | Guido van Rossum <guido@python.org> | Wed Dec 10 22:59:55 1997 +0000 |
tree | 16b8823424a3726cbcd52b7f68f47318599c2631 | |
parent | 90d62ab0a175b8f3451ee74f29d5de83650e2292 | |
At Barry's suggestion, plug the security leak by using an empty __builtins__ for all calls to eval(). This still allows someone to write string.atof("[1]*1000000") (which Jim Fulton worries about) but effectively disables access to system modules and functions.
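
The behaviour the commit message describes, as an added example that is not code from this commit or from the Python source tree: `eval()` with an empty `__builtins__` blocks builtin and module access, yet still evaluates the large-allocation expression the message quotes. The function names, the sample inputs and the stricter `atof_strict` variant are assumptions made for illustration.

```python
import re

# Constructed sample inputs (not taken from the commit itself).
NUMERIC = "3.25"
BUILTIN_CALL = "__import__('os').getcwd()"   # reaches a system module via a builtin
BIG_ALLOC = "[1]*1000000"                    # expression quoted in the commit message


def eval_default(s):
    """Before the fix: an ordinary globals dict gets the real builtins injected."""
    return eval(s, {})


def eval_empty_builtins(s):
    """The commit's approach: pass an explicit, empty __builtins__ mapping."""
    return eval(s, {"__builtins__": {}}, {})


# Hypothetical stricter variant: accept only float-literal syntax, never eval().
_FLOAT_RE = re.compile(r"[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?\Z")


def atof_strict(s):
    s = s.strip()
    if not _FLOAT_RE.match(s):
        raise ValueError("not a float literal: %r" % s)
    return float(s)


def outcome(fn, s):
    """Summarise fn(s): the exception name, the container size, or the value."""
    try:
        result = fn(s)
    except Exception as exc:
        return type(exc).__name__
    if hasattr(result, "__len__"):
        return "%s(len=%d)" % (type(result).__name__, len(result))
    return repr(result)


if __name__ == "__main__":
    for fn in (eval_default, eval_empty_builtins, atof_strict):
        for s in (NUMERIC, BUILTIN_CALL, BIG_ALLOC):
            print("%-20s %-28s -> %s" % (fn.__name__, s, outcome(fn, s)))
```

The middle rows show the trade-off in the message: the builtin call fails with `NameError`, while the list expression is still evaluated and allocated.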