From: Guido van Rossum <guido@python.org>
Date: Tue, 7 Jan 2003 23:01:21 +0000 (+0000)
Subject: Sabotage rexec.py and Bastion.py.  These are not secure in Python 2.2
X-Git-Tag: v2.2.3c1~186
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ef18213f1242f8da5da67529050a5f7db9386caa;p=thirdparty%2FPython%2Fcpython.git

Sabotage rexec.py and Bastion.py.  These are not secure in Python 2.2
or 2.3.
---

diff --git a/Lib/Bastion.py b/Lib/Bastion.py
index 99990a2d7df6..ae2db74ca3a6 100644
--- a/Lib/Bastion.py
+++ b/Lib/Bastion.py
@@ -97,6 +97,8 @@ def Bastion(object, filter = lambda name: name[:1] != '_',
 
     """
 
+    raise RuntimeError, "This code is not secure in Python 2.2 and 2.3"
+
     # Note: we define *two* ad-hoc functions here, get1 and get2.
     # Both are intended to be called in the same way: get(name).
     # It is clear that the real work (getting the attribute
diff --git a/Lib/rexec.py b/Lib/rexec.py
index 52e0c32aa116..ef85ac6806a4 100644
--- a/Lib/rexec.py
+++ b/Lib/rexec.py
@@ -179,6 +179,9 @@ class RExec(ihooks._Verbose):
         sent to standard output.
 
         """
+
+        raise RuntimeError, "This code is not secure in Python 2.2 and 2.3"
+
         ihooks._Verbose.__init__(self, verbose)
         # XXX There's a circular reference here:
         self.hooks = hooks or RHooks(verbose)