On 2016-04-07, Chris Angelico <ros...@gmail.com> wrote: > Options 1 and 2 are nastily restricted. Option 3 is likely broken, as > exception objects carry tracebacks and such.
Everything you're saying here is assuming that we must not let the attacker see any exception objects, but I don't understand why you're assuming that. As far as I can see, the information that exceptions hold that we need to prevent access to is all in "__" attributes that we're already blocking. -- https://mail.python.org/mailman/listinfo/python-list
