From cf8b1ea851b90d45cdbd72d125e496d11eb7a92b Mon Sep 17 00:00:00 2001 From: Fred Drake Date: Tue, 27 Aug 2002 16:42:37 +0000 Subject: Add strong security warning about the rexec module. Closes SF patch #600861. --- Doc/lib/librexec.tex | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/Doc/lib/librexec.tex b/Doc/lib/librexec.tex index f00ddfc..f0e78d5 100644 --- a/Doc/lib/librexec.tex +++ b/Doc/lib/librexec.tex @@ -5,7 +5,6 @@ \modulesynopsis{Basic restricted execution framework.} - This module contains the \class{RExec} class, which supports \method{r_eval()}, \method{r_execfile()}, \method{r_exec()}, and \method{r_import()} methods, which are restricted versions of the standard @@ -15,6 +14,16 @@ Code executed in this restricted environment will only have access to modules and functions that are deemed safe; you can subclass \class{RExec} to add or remove capabilities as desired. +\strong{Warning:} +While the \module{rexec} module is designed to perform as described +below, it does have a few known vulnerabilities which could be +exploited by carefully written code. Thus it should not be relied +upon in situations requiring ``production ready'' security. In such +situations, execution via sub-processes or very careful ``cleansing'' +of both code and data to be processed may be necessary. +Alternatively, help in patching known \module{rexec} vulnerabilities +would be welcomed. + \emph{Note:} The \class{RExec} class can prevent code from performing unsafe operations like reading or writing disk files, or using TCP/IP sockets. However, it does not protect against code using extremely -- cgit v0.12
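Review bot: The one-line deletion in the first hunk (@@ -5,7 +5,6 @@, directly after \modulesynopsis{...}) is not covered by the commit message, which describes only adding a warning. If it is whitespace cleanup, say so in the message or split it into its own commit so the security-relevant documentation change stays easy to audit.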
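Review bot: In the second hunk (@@ -15,6 +14,16 @@), the added warning says the module has "a few known vulnerabilities" but neither names them nor points to where they are tracked, so a reader cannot judge whether their own use of \class{RExec} is affected; cite the relevant tracker items or describe the classes of problem. The two mitigations offered are also uneven: execution via sub-processes is a concrete isolation boundary, while "very careful ``cleansing'' of both code and data" gives no criteria for when it is sufficient, so either state what must be cleansed or drop it. On markup, the new paragraph opens with \strong{Warning:} while the paragraph directly after it uses \emph{Note:}; confirm the difference is intentional. The closing sentence asking for help patching \module{rexec} reads as a contributor request rather than guidance for users of the module and may fit better in the tracker than in the library reference.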