commit | 59b2a74c752578cb67b02b6966f283fd049f646a | [log] [tgz] |
---|---|---|
author | Guido van Rossum <guido@python.org> | Fri May 31 21:12:53 2002 +0000 |
committer | Guido van Rossum <guido@python.org> | Fri May 31 21:12:53 2002 +0000 |
tree | 0d22cefbca493f99f939e16753be892069b2ef94 | |
parent | 9788384d02a21982bbbdfc97dc95d5502bad1f42 [diff] |
SF bug 533625 (Armin Rigo). rexec: potential security hole If a rexec instance allows writing in the current directory (a common thing to do), there's a way to execute bogus bytecode. Fix this by not allowing imports from .pyc files (in a way that allows a site to configure things so that .pyc files *are* allowed, if writing is not allowed). I'll apply this to 2.2 and 2.1 too.