From: A.M. K. <aku...@us...> - 2003-01-08 13:15:11
|
Update of /cvsroot/py-howto/pyhowto In directory sc8-pr-cvs1:/tmp/cvs-serv12770 Modified Files: rexec.tex Log Message: Add more details about rexec's problems Index: rexec.tex =================================================================== RCS file: /cvsroot/py-howto/pyhowto/rexec.tex,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -r1.13 -r1.14 *** rexec.tex 17 Dec 2002 14:31:42 -0000 1.13 --- rexec.tex 8 Jan 2003 13:15:07 -0000 1.14 *************** *** 15,25 **** \noindent ! Python provides a \module{rexec} module running untrusted code. ! However, it's never been exhaustively audited for security and it ! hasn't been updated to take into account recent changes to Python such ! as new-style classes. Therefore, the \module{rexec} module should not be trusted. To discourage use of \module{rexec}, this HOWTO has been withdrawn. \end{abstract} --- 15,37 ---- \noindent ! Python 2.2.2 and earlier provided a \module{rexec} module running ! untrusted code. However, it's never been exhaustively audited for ! security and it hasn't been updated to take into account recent ! changes to Python such as new-style classes. Therefore, the \module{rexec} module should not be trusted. To discourage use of \module{rexec}, this HOWTO has been withdrawn. + The \module{rexec} and \module{Bastion} modules have been disabled in + the Python CVS tree, both on the trunk (which will eventually become + Python 2.3alpha2 and later 2.3final) and on the release22-maint branch + (which will become Python 2.2.3, if someone ever volunteers to issue + 2.2.3). + + For discussion of the problems with \module{rexec}, see the python-dev + threads starting at the following URLs: + \url{http://mail.python.org/pipermail/python-dev/2002-December/031160.html}, + and + \url{http://mail.python.org/pipermail/python-dev/2003-January/031848.html}. + \end{abstract} *************** *** 39,42 **** --- 51,57 ---- Dec. 17, 2002: Withdrawn. + + Jan. 8, 2003: Mention that \module{rexec} will be disabled in Python 2.3, + and added links to relevant python-dev threads. \end{document} |