From: Seth de l'I. <set...@ge...> - 2005-01-07 02:07:37
With the idea of trying to tighten up the security in pyyaml I've done some work to remove all eval and exec statements from the code.

http://ubertechnique.com/seth/pyyaml/pyyaml-0.32.3.tgz

The only part of the previous version that I was really worried about was an exec statement that loaded new modules, but I figured what the hey, let's get rid of 'em all so we're sure. Of course the fact that the originator of the code gets to choose what module to load is dangerous, just like any serialization scheme.

I also put my changes since 0.32 "Showell" in a GNU Arch repository:

http://ubertechnique.com/seth/arch

The category is pyyaml.
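
The message's point that the producer of a document chooses which module gets loaded still holds after exec is gone, so a loader can also resolve type names through `importlib` against an allowlist. This is an added example, not code from pyyaml or from this post; `resolve_class`, `check_names`, `ALLOWED` and the sample names are hypothetical.

```python
import importlib
import re

# Assumption: the (module, class) pairs this application agrees to construct
# from a loaded document. Everything else is refused.
ALLOWED = {("datetime", "date"), ("decimal", "Decimal")}

# A dotted identifier and nothing else; \Z also refuses a trailing newline.
_DOTTED = re.compile(r"[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)+\Z")


class UnsafeTag(ValueError):
    """Raised when a type name from a document must not be resolved."""


def resolve_class(dotted_name, allowed=ALLOWED):
    """Map 'module.Class' from a document to a class without exec or eval."""
    if not isinstance(dotted_name, str) or not _DOTTED.match(dotted_name):
        raise UnsafeTag("not a dotted identifier: %r" % (dotted_name,))
    module_name, _, class_name = dotted_name.rpartition(".")
    # Check the allowlist before importing: importing a module runs its code.
    if (module_name, class_name) not in allowed:
        raise UnsafeTag("not on the allowlist: %s" % dotted_name)
    obj = getattr(importlib.import_module(module_name), class_name)
    if not isinstance(obj, type):
        raise UnsafeTag("not a class: %s" % dotted_name)
    return obj


def check_names(names, allowed=ALLOWED):
    """Return {name: 'ok' or the refusal reason} for each requested name."""
    results = {}
    for name in names:
        try:
            resolve_class(name, allowed)
            results[name] = "ok"
        except UnsafeTag as exc:
            results[name] = str(exc).split(":")[0]
    return results


# Constructed sample names, as they might appear in a document's type tags.
SAMPLE = ["datetime.date", "decimal.Decimal", "subprocess.Popen", "os; x = 1"]

if __name__ == "__main__":
    for name, verdict in check_names(SAMPLE).items():
        print("%-20s %s" % (name, verdict))
```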