Re: Python rexec and Bastion flaws

To: debian-python@lists.debian.org
Subject: Re: Python rexec and Bastion flaws
From: Carey Evans <careye@spamcop.net>
Date: Tue, 21 Jan 2003 23:06:39 +1300
Message-id: <b0j60m$7bk$1@main.gmane.org>
In-reply-to: <20030121064710.GS3088@finlandia.Infodrom.North.DE>
References: <20030120211015.GD12749@treasure> <20030121064710.GS3088@finlandia.Infodrom.North.DE>

Martin Schulze wrote:

I'd rather know about the vulnerability (and maybe doko is able to
implement a fix) than to blindly castrate software.  Theo d.R. already
taught us that blindly releasing updates are not good.


Here's some relevant links for the bugs:

Deleting __builtins__:
  http://python.org/sf/577530

Modifying new-style classes:
  http://mail.python.org/pipermail/python-dev/2002-December/031160.html

Final thread about dropping rexec:
  http://mail.python.org/pipermail/python-dev/2003-January/031842.html

Please note that the two bugs described above are only the two *known*bugs - nobody knows how many other bugs there are in rexec.

--

"Hanging is too good for a man who makes puns; he should be drawn andquoted."

        -- Fred Allen

Reply to:

References:
- Python rexec and Bastion flaws
  - From: Bastian Kleineidam <calvin@debian.org>
- Re: Python rexec and Bastion flaws
  - From: Martin Schulze <joey@infodrom.org>

Prev by Date: Re: Python rexec and Bastion flaws
Next by Date: Re: Python rexec and Bastion flaws
Previous by thread: Re: Python rexec and Bastion flaws
Next by thread: Re: Python rexec and Bastion flaws
Index(es):
- Date
- Thread