On 2013-01-04, Michael Torrie <torr...@gmail.com> wrote:
> On 01/04/2013 08:53 AM, Grant Edwards wrote:
>> That's obviously the "right" thing to do. I suppose I should figure
>> out how to use the ast module.
>
> Or PyParsing.
>
> As for your program being "secure" I don't see that there's much to
> exploit.
There isn't.
> You're not running as a service, and you're not running your
> assembler as root, called from a normal user. The user has your code
> and can "exploit" it anytime he wants.
I'm just trying to prevent surprises for people who are running the
assembler. We have to assume that they trust the assembler code to
not cause damage intentionally. But, one would not expect them to
have to worry that assembly language input fed to the assembler code
might cause some sort of collateral damage.
Sure, I can change the source code for gcc so that it wreaks havok
when I invoke it. But, using the stock gcc compiler there shouldn't
be any source file I can feed it that will cause it to mail my bank
account info to somebody in Eastern Europe, install a keylogger, and
then remove all my files.
--
Grant Edwards grant.b.edwards Yow! I have a TINY BOWL in
at my HEAD
gmail.com
--
http://mail.python.org/mailman/listinfo/python-list
