Chris Drake <cryptoph...@gmail.com> added the comment:

The specification specifically allows for the restriction of access to globals 
via the second argument to eval.

While Christian and Victor make interesting, albeit suicidal, comments and 
references to other efforts, the fact remains that this is a violation of the 
standard, and is an exploitable security issue.

It's worth noting that the 1980s are long over now - people take security 
seriously these days, even when it's inconvenient.

The fix seems ridiculously trivial for what it's worth; introduce a flag that 
honors the intent of the second argument.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue42472>
_______________________________________