diff options
author | Guido van Rossum <guido@python.org> | 2002-05-31 21:12:53 (GMT) |
---|---|---|
committer | Guido van Rossum <guido@python.org> | 2002-05-31 21:12:53 (GMT) |
commit | 59b2a74c752578cb67b02b6966f283fd049f646a (patch) | |
tree | 0d22cefbca493f99f939e16753be892069b2ef94 /Lib/sgmllib.py | |
parent | 9788384d02a21982bbbdfc97dc95d5502bad1f42 (diff) | |
download | cpython-59b2a74c752578cb67b02b6966f283fd049f646a.zip cpython-59b2a74c752578cb67b02b6966f283fd049f646a.tar.gz cpython-59b2a74c752578cb67b02b6966f283fd049f646a.tar.bz2 |
SF bug 533625 (Armin Rigo). rexec: potential security hole
If a rexec instance allows writing in the current directory (a common
thing to do), there's a way to execute bogus bytecode. Fix this by
not allowing imports from .pyc files (in a way that allows a site to
configure things so that .pyc files *are* allowed, if writing is not
allowed).
I'll apply this to 2.2 and 2.1 too.
Diffstat (limited to 'Lib/sgmllib.py')
0 files changed, 0 insertions, 0 deletions