> The trick is that you can't decide at utils.execute() level what
> generic argument is or is not safe. In some cases passing "../.."
> is perfectly accepted use !
Just off the top of my head:
Doesn't Python offer something like Perl's caller() as well? Then you could
possibly perform whitelisting for functions that are allowed to pass "../../".
> The trick is that you can't decide at utils.execute() level what
> generic argument is or is not safe. In some cases passing "../.."
> is perfectly accepted use !
Just off the top of my head:
Doesn't Python offer something like Perl's caller() as well? Then you could
possibly perform whitelisting for functions that are allowed to pass "../../".