about candy [Python-Dev] Re: Capabilities
Samuele Pedroni
pedronis@bluewin.ch
Wed, 12 Mar 2003 18:53:21 +0100
[me]
> attached is a modified version of s.py that takes a filename for the code to
> run inside the RestrictedInterpreter. Also myfunc is now myexc_source . There
> is also a new function candy, next mail on that.
Consider from s.py:
-- * --
from sys import exit
...
def candy(s):
if s == "yes":
return 'candy'
else:
return 'none'
ri = RestrictedInterpreter()
ri.globals['candy'] = ProxyFactory(candy)
...
ri.ri_exec(code)
print "OK"
-- * --
No unproxied exceptions, on the other hand both rexec and the prototype
RestrictedIntrepreter supply code with globals() [!], and apply() ...
I have some _even more baroque_ code (xpl2) that exploits candy and manages to
call sys.exit:
...>\usr\python22\python -i s.py xpl2
candy
Got sys.exit
...>
In this case xpl2 could be rewritten as a single expression of the form:
candy(...)
although that would make for a totally masochistic exercise and a total
obfuscated python entry. No, I haven't done/ tried that :)
regards.