Even setting __builtins__ to None is possible to circumvent: http://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html . I personally wouldn't mind including your change since it introduces more 'hygienic' use of eval, but as was said before, the input to the eval is protected by filesystem permissions anyway.

-- 
You received this bug notification because you are a member of OpenStack Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1367022

Title:
  Un-sanitized eval may have security impact

Status in OpenStack Telemetry (Ceilometer):
  In Progress
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  On this line: https://github.com/openstack/ceilometer/blob/master/ceilometer/transformer/conversions.py#L62 eval is used for some transformation. The comments nearby suggest that it is used for a 'multiplicative factor or else a string to be eval'd'. If an attacker is able to provide an input like "__import__('os').system('rm -rf /etc')" the process will delete the etc directory with the privileges of the user that is running Ceilometer. Eval input should always be sanitized. I was unable to find any places that this is actually used, but this should definitely be hardened.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ceilometer/+bug/1367022/+subscriptions
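The thread's point is that stripping __builtins__ does not make eval safe, so the hardened alternative is to never hand the string to eval at all: parse it with the ast module and walk the tree, permitting only numeric literals, a known variable and arithmetic operators. The block below is an added example written for this page, not Ceilometer's own transformer code; it assumes the scale expression may reference a single field named volume (an assumption, since the page does not show the namespace the original eval is given), and it shows that a string of the form quoted in the bug report is rejected before anything is executed.

```python
import ast
import operator

# Arithmetic permitted in a scale expression. Anything not listed here,
# including calls, attribute access and subscripts, is rejected outright.
_BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.Pow: operator.pow,
}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}

# Cap on exponents so "volume ** 999999999" cannot be used to exhaust CPU/memory.
_MAX_EXPONENT = 64


class UnsafeExpression(ValueError):
    """Raised when a scale expression contains anything but plain arithmetic."""


def _eval_node(node, names):
    # Numeric literal (bool is excluded even though it subclasses int).
    if isinstance(node, ast.Constant):
        if isinstance(node.value, (int, float)) and not isinstance(node.value, bool):
            return node.value
        raise UnsafeExpression("non-numeric literal: %r" % (node.value,))
    # A bare name is only allowed if it is one of the values we supplied.
    if isinstance(node, ast.Name):
        if node.id not in names:
            raise UnsafeExpression("unknown name: %s" % node.id)
        return names[node.id]
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand, names))
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        left = _eval_node(node.left, names)
        right = _eval_node(node.right, names)
        if isinstance(node.op, ast.Pow) and abs(right) > _MAX_EXPONENT:
            raise UnsafeExpression("exponent too large: %r" % (right,))
        return _BIN_OPS[type(node.op)](left, right)
    # Call, Attribute, Subscript, Lambda, comprehension, ... all land here.
    raise UnsafeExpression("disallowed syntax: %s" % type(node).__name__)


def safe_scale(expr, names):
    """Evaluate expr as arithmetic over the numeric values in names.

    Unlike eval(expr, {}, names), there is no code object and no
    __builtins__ to escape from: only whitelisted AST nodes are interpreted.
    """
    tree = ast.parse(expr, mode="eval")
    return _eval_node(tree.body, names)


def scale_volume(scale, volume):
    """Apply a scale that is either a number or an arithmetic string over 'volume'.

    Hypothetical helper standing in for the transformer described in the bug;
    the 'volume' namespace entry is an assumption, not taken from the page.
    """
    if isinstance(scale, (int, float)) and not isinstance(scale, bool):
        return volume * scale
    return safe_scale(scale, {"volume": volume})


def is_rejected(expr):
    """Return True if the expression is refused by the whitelist evaluator."""
    try:
        safe_scale(expr, {"volume": 1})
    except (UnsafeExpression, SyntaxError):
        return True
    return False


if __name__ == "__main__":
    print(scale_volume("volume * 8", 2))
    print(is_rejected("__import__('os').getcwd()"))
```

The evaluator raises on the first unexpected node rather than trying to sanitise the string with regular expressions, which is the property that matters: a rejected expression never reaches any code path that could execute it. Configuration values that need more than arithmetic are better expressed as structured data (a numeric factor plus an explicit unit) than as an expression language at all.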