What's so wrong about execfile?

Sammo

Given that execfile has been removed in py3k, I want to understand
exactly why.

Okay, I get that execfile is bad from the following thread:

(1) Don't use eval, exec or execfile.

(2) If you're an expert, don't use eval, exec or execfile.

(3) If you're an expert, and are fully aware of the security risks, don't
use eval, exec or execfile.

(4) If you're an expert, and are fully aware of the security risks, and
have a task that can only be solved by using eval, exec or execfile, find
another solution.

(5) If there really is no other solution, you haven't looked hard enough.

(6) If you've looked REALLY hard, and can't find another solution, AND
you're an expert and are fully aware of the security risks, THEN you can
think about using eval, exec or execfile.

What are some of the reasons why execfile should not be used?

What are some examples of cases where execfile is the correct way of
doing something?

Carl Banks

Given that execfile has been removed in py3k, I want to understand
exactly why.

Okay, I get that execfile is bad from the following thread:

What are some of the reasons why execfile should not be used?

What are some examples of cases where execfile is the correct way of
doing something?

You didn't quote the context of Steven's reply, so I don't know if he
was talking in general, or for a particular situation. I suspect it
was the latter, though.

Anyway, there is one generally valid use case for these three: when
it's your deliberate intention to give the user the power to run
arbitrary Python code. If you really want to give the user this
power, and the user is trusted on whatever machine they are running it
on, go ahead and use it. No apology necessary.

[For instance, the package I use to generate my web site uses exec and
eval, because it processes templates with embedded Python code. It's
all generated statically, on my own desktop, and I author all the
pages myself, so there is no security risk. If I were to distribute
this package (and I do, though not many people use it, because
everyone just writes their own HTML templates), there would be no risk
because the user is expected to be able to run Python, and if they can
be trusted to run Python on their own system, they can be trusted to
run my program, which execs templates that they write themselves.]

I would suggest, however, that even if that is your intention that you
consider leveraging Python's built-in import infrastructure. Instead
of execfile, you could have your program simply import a module the
user writes (after adding a user-specific directory to sys.path).


Now, here are a few situations where you should follow Steven's advice
above (i.e., don't, ever):

- Don't ever use exec or eval to construct a variable name
dynamically. Don't ever do this, for instance:

x = eval("self.%s%d" % (name, index))

This is unforgiveable. Python has better and safer ways to do this
(use getattr, setattr, globals, and locals built-ins). And if you
find yourself using them a lot, it's a red flag that you should be
using dicts instead.

- Don't ever pass any data to exec or eval that you didn't either
write, or thoroughly inspect, yourself. Especially don't pass it any
data you received over the network. You have to be the super extreme
expert that Steven described, and own a lot of liability insurance,
before you can do that.


Carl Banks
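The two alternatives Carl describes, getattr() instead of an eval()-built attribute name and importing a user-written module instead of execfile(), worked through as an added example (not code from anyone in the thread). `Widget`, `field_by_name`, `load_user_module`, `demo_user_module` and the `site_settings.py` contents are all constructed for illustration.

```python
"""Safer replacements for eval()-built names and for execfile().

Added example; all names here are hypothetical and not from the thread.
"""
import importlib.util
import keyword
import os
import tempfile


class Widget:
    """Toy object with numbered attributes, the kind eval("self.%s%d") targets."""

    def __init__(self):
        self.slot0, self.slot1 = "first", "second"


def field_by_name(obj, name, index):
    """Replacement for eval("obj.%s%d" % (name, index)).

    getattr() performs an attribute lookup and nothing else, so `name` can no
    longer smuggle in arbitrary expression syntax. The identifier check is an
    allowlist on the shape of the input: anything that is not a plain, public
    attribute name is rejected before the object is touched at all.
    """
    attr = "%s%d" % (name, index)
    if not attr.isidentifier() or keyword.iskeyword(attr) or attr.startswith("_"):
        raise ValueError("not a plain attribute name: %r" % attr)
    return getattr(obj, attr)


def load_user_module(user_dir, modname):
    """Carl's alternative to execfile(): import the user's file as a module.

    The file still runs as arbitrary Python (that is the deliberate intent),
    but it gets its own namespace and ordinary tracebacks instead of being
    spliced into the caller's globals.
    """
    path = os.path.join(user_dir, modname + ".py")
    spec = importlib.util.spec_from_file_location(modname, path)
    mod = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(mod)
    return mod


def demo_user_module():
    """Write a constructed user settings file to a temp dir and import it."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "site_settings.py"), "w") as f:
            f.write("TITLE = 'My site'\nPAGES = ['index', 'about']\n")
        mod = load_user_module(d, "site_settings")
    return mod.TITLE, len(mod.PAGES)
```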

Michele Simionato

Given that execfile has been removed in py3k

execfile has not been really removed, it is just spelled
differently:

BTW, from the help message
Help on built-in function exec in module builtins:

exec(...)
exec(object[, globals[, locals]])

Read and execute code from a object, which can be a string, a code
object or a file object.
The globals and locals are dictionaries, defaulting to the current
globals and locals. If only globals is given, locals defaults to
it.

I would have expected

to work too. Any idea why it does not?


Michele Simionato

Carl Banks

[For instance, the package I use to generate my web site uses exec and
eval, because it processes templates with embedded Python code.

    Now there's an example of exactly what exec and eval shouldn't be used for.

    You don't put general-purpose execution mechanisms into your web site
template system.  That's just asking for trouble.

It really isn't for a static web site generator with a single author,
which is what my package is for.


Carl Banks

John Nagle

Carl said:
Given that execfile has been removed in py3k, I want to understand
exactly why.

Okay, I get that execfile is bad from the following thread:
What are some of the reasons why execfile should not be used?

What are some examples of cases where execfile is the correct way of
doing something?
[For instance, the package I use to generate my web site uses exec and
eval, because it processes templates with embedded Python code.

Now there's an example of exactly what exec and eval shouldn't be used for.

You don't put general-purpose execution mechanisms into your web site
template system. That's just asking for trouble.

John Nagle