diff --git a/openerp/tools/safe_eval.py b/openerp/tools/safe_eval.py
index 0b9b2e7a8a30e17aabb575e5a486c65672e31041..c317c9bea88eeb130fe0c9afc27fb2fba49ce3be 100644
--- a/openerp/tools/safe_eval.py
+++ b/openerp/tools/safe_eval.py
@@ -42,6 +42,9 @@ __all__ = ['test_expr', 'safe_eval', 'const_eval']
 # lp:703841), does import time.
 _ALLOWED_MODULES = ['_strptime', 'time']
 
+_UNSAFE_ATTRIBUTES = ['f_builtins', 'f_globals', 'f_locals', 'gi_frame',
+                      'co_code', 'func_globals']
+
 _CONST_OPCODES = set(opmap[x] for x in [
     'POP_TOP', 'ROT_TWO', 'ROT_THREE', 'ROT_FOUR', 'DUP_TOP', 'DUP_TOPX',
     'POP_BLOCK','SETUP_LOOP', 'BUILD_LIST', 'BUILD_MAP', 'BUILD_TUPLE',
@@ -113,7 +116,7 @@ def assert_no_dunder_name(code_obj, expr):
     .. note:: actually forbids every name containing 2 underscores
     """
     for name in code_obj.co_names:
-        if "__" in name:
+        if "__" in name or name in _UNSAFE_ATTRIBUTES:
             raise NameError('Access to forbidden name %r (%r)' % (name, expr))
 
 def assert_valid_codeobj(allowed_codes, code_obj, expr):