On Wed, 5 Oct 2005 18:47:06 +0200, Sybren Stuvel <[EMAIL PROTECTED]> wrote:
>Flavio enlightened us with:
>> Can anyone tell me why, if the following code works, I should not do
>> this?
>>
>> def fun(a=1,b=2,**args):
>>
>>     print 'locals:',locals()
>>     locals().update(args)
>>     print locals()
>
>Because it's very, very, very insecure. What would happen if someone
>found a way to call that function? It could replace any name in the
>locals dictionary, including functions from __builtins__. In other
>words: probably the whole program could be taken over by other code by
>just one call to that function.
>
If I can call functions in your process space, I've already taken over your whole program.

Jp
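An added example, not part of the original thread: the quoted function ported to Python 3, checking on CPython which names `locals().update(args)` can actually rebind, next to a variant that keeps the extra keywords in their own dict. `module_scope_shadowing`, `fun_checked` and `ALLOWED_OPTIONS` are names invented for this example, and CPython 3 is assumed.

```python
import builtins

# Hypothetical option names, chosen only for this example.
ALLOWED_OPTIONS = {"verbose", "timeout"}


def fun(a=1, b=2, **args):
    """The function from the thread, ported to Python 3."""
    locals().update(args)
    # a and b are fast locals and len is looked up in globals/builtins,
    # so none of them is read back from the dict that locals() returned.
    return a, b, len


def module_scope_shadowing():
    """At module scope locals() is the live namespace, so update() rebinds names."""
    namespace = {}
    source = "locals().update({'len': lambda obj: -1})\nresult = len('abc')\n"
    exec(source, namespace)  # constructed source, run in a throwaway namespace
    return namespace["result"]


def fun_checked(a=1, b=2, **args):
    """Keep extra keywords in their own dict and reject unexpected names."""
    unknown = sorted(set(args) - ALLOWED_OPTIONS)
    if unknown:
        raise TypeError("unexpected keyword arguments: %s" % ", ".join(unknown))
    return a, b, dict(args)


if __name__ == "__main__":
    print(fun(len=lambda obj: -1)[2] is builtins.len)
    print(module_scope_shadowing())
    print(fun_checked(verbose=True))
```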