diff options
author | Fred Drake <fdrake@acm.org> | 2002-08-27 16:46:06 +0000 |
---|---|---|
committer | Fred Drake <fdrake@acm.org> | 2002-08-27 16:46:06 +0000 |
commit | 05be93a10d616220b0898d7b31ad66c13d40d884 (patch) | |
tree | 3c6a91f4717c2f93f093f9b676f4ee13959a43af | |
parent | 05d01cbc367e3f65c280f0f49138f1ddd03570c1 (diff) | |
download | cpython-05be93a10d616220b0898d7b31ad66c13d40d884.tar.gz |
Add strong security warning about the rexec module.
Closes SF patch #600861.
Minor markup changes.
-rw-r--r-- | Doc/lib/librexec.tex | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/Doc/lib/librexec.tex b/Doc/lib/librexec.tex index ff6cdc478a..71ae9a3627 100644 --- a/Doc/lib/librexec.tex +++ b/Doc/lib/librexec.tex @@ -5,7 +5,6 @@ \modulesynopsis{Basic restricted execution framework.} - This module contains the \class{RExec} class, which supports \method{r_eval()}, \method{r_execfile()}, \method{r_exec()}, and \method{r_import()} methods, which are restricted versions of the standard @@ -15,10 +14,23 @@ Code executed in this restricted environment will only have access to modules and functions that are deemed safe; you can subclass \class{RExec} to add or remove capabilities as desired. -\note{The \class{RExec} class can prevent code from performing -unsafe operations like reading or writing disk files, or using TCP/IP -sockets. However, it does not protect against code using extremely -large amounts of memory or processor time.} +\begin{notice}[warning] + While the \module{rexec} module is designed to perform as described + below, it does have a few known vulnerabilities which could be + exploited by carefully written code. Thus it should not be relied + upon in situations requiring ``production ready'' security. In such + situations, execution via sub-processes or very careful + ``cleansing'' of both code and data to be processed may be + necessary. Alternatively, help in patching known \module{rexec} + vulnerabilities would be welcomed. +\end{notice} + +\begin{notice} + The \class{RExec} class can prevent code from performing unsafe + operations like reading or writing disk files, or using TCP/IP + sockets. However, it does not protect against code using extremely + large amounts of memory or processor time. +\end{notice} \begin{classdesc}{RExec}{\optional{hooks\optional{, verbose}}} Returns an instance of the \class{RExec} class. |