Add strong security warning about the rexec module.

Closes SF patch #600861.

diff --git a/Doc/lib/librexec.tex b/Doc/lib/librexec.tex
index f00ddfcfc019f9034907fdf3ee93e56dddbd4a6a..f0e78d552c487845fb2f7aec41ee9989d72102fc 100644 (file)
--- a/Doc/lib/librexec.tex
+++ b/Doc/lib/librexec.tex
@@ -5,7 +5,6 @@
 \modulesynopsis{Basic restricted execution framework.}
 
 
-
 This module contains the \class{RExec} class, which supports
 \method{r_eval()}, \method{r_execfile()}, \method{r_exec()}, and
 \method{r_import()} methods, which are restricted versions of the standard
@@ -15,6 +14,16 @@ Code executed in this restricted environment will
 only have access to modules and functions that are deemed safe; you
 can subclass \class{RExec} to add or remove capabilities as desired.
 
+\strong{Warning:}
+While the \module{rexec} module is designed to perform as described
+below, it does have a few known vulnerabilities which could be
+exploited by carefully written code.  Thus it should not be relied
+upon in situations requiring ``production ready'' security.  In such
+situations, execution via sub-processes or very careful ``cleansing''
+of both code and data to be processed may be necessary.
+Alternatively, help in patching known \module{rexec} vulnerabilities
+would be welcomed.
+
 \emph{Note:} The \class{RExec} class can prevent code from performing
 unsafe operations like reading or writing disk files, or using TCP/IP
 sockets.  However, it does not protect against code using extremely