Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rexec.r_eval() does not work like eval() #40000

Closed
pfremy mannequin opened this issue Mar 3, 2004 · 4 comments
Closed

rexec.r_eval() does not work like eval() #40000

pfremy mannequin opened this issue Mar 3, 2004 · 4 comments
Labels
stdlib Python modules in the Lib dir

Comments

@pfremy
Copy link
Mannequin

pfremy mannequin commented Mar 3, 2004

BPO 908936
Nosy @loewis

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2004-03-30.21:06:14.000>
created_at = <Date 2004-03-03.09:58:57.000>
labels = ['library']
title = 'rexec.r_eval() does not work like eval()'
updated_at = <Date 2004-03-30.21:06:14.000>
user = 'https://bugs.python.org/pfremy'

bugs.python.org fields:

activity = <Date 2004-03-30.21:06:14.000>
actor = 'loewis'
assignee = 'none'
closed = True
closed_date = None
closer = None
components = ['Library (Lib)']
creation = <Date 2004-03-03.09:58:57.000>
creator = 'pfremy'
dependencies = []
files = []
hgrepos = []
issue_num = 908936
keywords = []
message_count = 4.0
messages = ['20160', '20161', '20162', '20163']
nosy_count = 2.0
nosy_names = ['loewis', 'pfremy']
pr_nums = []
priority = 'normal'
resolution = 'wont fix'
stage = None
status = 'closed'
superseder = None
type = None
url = 'https://bugs.python.org/issue908936'
versions = ['Python 2.2']
@pfremy
Copy link
Mannequin Author

pfremy mannequin commented Mar 3, 2004

I want to use the eval() function of python as simple
ultra-restricted expression evaluator. So, when
executing r_eval(), I want to pass a dictionnary of the
local and global variables, just like it is possible
with eval(). However, r_eval() does not allow it.

@pfremy pfremy mannequin closed this as completed Mar 3, 2004
@pfremy pfremy mannequin added the stdlib Python modules in the Lib dir label Mar 3, 2004
@pfremy pfremy mannequin closed this as completed Mar 3, 2004
@pfremy pfremy mannequin added the stdlib Python modules in the Lib dir label Mar 3, 2004
@loewis
Copy link
Mannequin

loewis mannequin commented Mar 29, 2004

Logged In: YES
user_id=21627

The rexec module does not provide restricted execution, so
you should not be using it in the first place.

Closing this as "won't fix".

@pfremy
Copy link
Mannequin Author

pfremy mannequin commented Mar 30, 2004

Logged In: YES
user_id=233844

http://www.python.org/doc/2.3.3/lib/module-rexec.html
reads: "17.1 rexec -- Restricted execution framework"

so it looks like the module does provide a "Restricted execution
framework", no ?

Now, I assume that you mean that the module has been marked
obsolete in the most recent of python (which I am not using).

Is there any replacement available ?

@loewis
Copy link
Mannequin

loewis mannequin commented Mar 30, 2004

Logged In: YES
user_id=21627

No, not marked obsolete: "Changed in version 2.3: Disabled
module."

"While the rexec module is designed to perform as described
below, it does have a few known vulnerabilities which could
be exploited by carefully written code. "

Even in 2.2, when it still was enabled, it did not actually
do what it was designed to do, and it is not possible to fix
it. Also, there is no replacement available.

@ezio-melotti ezio-melotti transferred this issue from another repository Apr 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stdlib Python modules in the Lib dir
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants