Comment 5 for bug 1015531

Matthias Weckbecker (mweckbecker) wrote :

> The trick is that you can't decide at utils.execute() level what
> generic argument is or is not safe. In some cases passing "../.."
> is perfectly accepted use!

Just off the top of my head:

Doesn't Python offer something like Perl's caller() as well? Then you could
possibly perform whitelisting for functions that are allowed to pass "../../".
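
The caller-based allowlist suggested in the comment above, sketched with Python's `inspect` module as an added example; it is not part of the original comment or of the project's code. The `execute()` stand-in, the two caller functions, the paths and the allowlist contents are all hypothetical.

```python
import inspect

# Hypothetical allowlist: (module name, function name) pairs permitted to
# pass path arguments containing a ".." component.
TRAVERSAL_ALLOWED_CALLERS = {(__name__, "relocate_image")}


class UnsafeArgument(ValueError):
    """Raised when a caller outside the allowlist passes a '..' component."""


def _has_traversal(arg):
    # Treat both separators as path delimiters and look for a ".." component.
    return ".." in str(arg).replace("\\", "/").split("/")


def _calling_function(depth=2):
    # Rough equivalent of Perl's caller(): identify the frame 'depth' levels up
    # (1 = execute() itself, 2 = whoever called execute()).
    frame = inspect.currentframe()
    try:
        for _ in range(depth):
            frame = frame.f_back
        return (frame.f_globals.get("__name__"), frame.f_code.co_name)
    finally:
        del frame  # avoid keeping a reference cycle through the frame


def execute(*cmd):
    """Stand-in for utils.execute(); returns the argv it would have run."""
    caller = _calling_function()
    if caller not in TRAVERSAL_ALLOWED_CALLERS:
        for arg in cmd:
            if _has_traversal(arg):
                raise UnsafeArgument("%s.%s may not pass %r" % (caller + (arg,)))
    return list(cmd)


def relocate_image(name):
    # Allowlisted caller: relative parent paths are part of its normal use.
    return execute("cp", "../../images/" + name, "/tmp/staging")


def fetch_user_file(name):
    # Not allowlisted: 'name' is treated as untrusted input (constructed case).
    return execute("cat", "/srv/files/" + name)
```

The check identifies only the immediate caller by module and function name, so any wrapper placed between a caller and `execute()` changes which frame is inspected.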