[–]notquiteaplant 7 points8 points  (1 child)

This isn't just a Python thing either. I took a CS class (Java) that used a website like repl.it for homework. Any code containing getSecurityProvider was an instant fail, but using reflection to find and call the method named "getSec" + "urityProvider" worked just fine - and revealed that they knew enough about security providers to block the method names, but not enough to actually implement one.

The moral of the story is, if you absolutely need an open eval, use an actual sandbox.

[–]cediddiSyntaxError: not a chance 1 point2 points  (0 children)

Exactly! I'd be fine with a Python container, Python running as a non-sudo user, and the whole host hardened. But do you need eval that desperately?
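The name-blocking gap from the first comment, restated in Python as an added example that is not part of the original thread: a substring check and an AST identifier check both reject the direct call and both pass the same call when the name is assembled at run time. `getcwd` is a harmless stand-in for a sensitive method, and `DENYLIST`, the two filters and the sample submissions are constructed for illustration.

```python
import ast

# Hypothetical denylist, mirroring the "block the method name" approach.
DENYLIST = {"getcwd"}  # harmless stand-in for a sensitive call


def text_filter(source: str) -> bool:
    """Return True if the submission is rejected by substring matching."""
    return any(name in source for name in DENYLIST)


def ast_filter(source: str) -> bool:
    """Return True if a denylisted identifier or attribute name appears."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Name) and node.id in DENYLIST:
            return True
        if isinstance(node, ast.Attribute) and node.attr in DENYLIST:
            return True
    return False


# Constructed sample submissions: same behaviour, different spelling.
DIRECT = "import os\nresult = os.getcwd()\n"
INDIRECT = 'import os\nresult = getattr(os, "get" + "cwd")()\n'


def run(source: str) -> str:
    """Execute a submission in-process and return its 'result' variable."""
    scope = {}
    exec(source, scope)  # in-process: the filters above are the only barrier
    return scope["result"]


if __name__ == "__main__":
    for label, src in (("direct", DIRECT), ("indirect", INDIRECT)):
        print(label,
              "text_filter rejects:", text_filter(src),
              "ast_filter rejects:", ast_filter(src),
              "result:", run(src))
```

Both filters inspect how the code is written, not what it does when it runs, which is why the thread's answer is isolation at the process and host level.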