I've received some enthusiastic emails from someone who wants to revive restricted mode. He started out with a bunch of patches to the CPython runtime using ctypes, which he attached to an App Engine bug:

http://code.google.com/p/googleappengine/issues/detail?id=671

Based on his code (the file secure.py is all you need, included in secure.tar.gz) it seems he believes the only security leaks are __subclasses__, gi_frame and gi_code. (I have since convinced him that if we add "restricted" guards to these attributes, he doesn't need the functions added to sys.)

I don't recall the exploits that Samuele once posted that caused the death of rexec.py -- does anyone recall, or have a pointer to the threads?

--
--Guido van Rossum (home page: http://www.python.org/~guido/)

participants (19)
- "Martin v. Löwis"
- Benjamin Peterson
- Brett Cannon
- Chris Angelico
- Greg Ewing
- Guido van Rossum
- Isaac Morland
- Ivan Krstić
- Jim Baker
- Mark Lawrence
- matsjoyce
- Nick Coghlan
- Samuele Pedroni
- Skip Montanaro
- Steven D'Aprano
- tav
- Terry Reedy
- Victor Stinner
- Victor Stinner