[Python-Dev] Security capabilities in Python

Michael Hudson mwh at python.net
Sat Apr 9 20:13:04 CEST 2005

Jp Calderone <exarkun at divmod.com> writes:

>   Does using the gc module to bypass this security count?  If so:
>     exarkun at boson:~$ python -i facet.py 
>     >>> import gc
>     >>> c = readonly_facet.__getattr__.func_closure[1]
>     >>> r = gc.get_referents(c)[0]
>     >>> r.n = 'hax0r3d'
>     >>> readonly_facet.value()
>     'hax0r3d'
>     >>> 
>   This is the easiest way of which I know to bypass the use of cells
>   as a security mechanism.  I believe there are other more involved
>   (and fragile, probably) ways, though.

The funniest I know is part of PyPy:

def extract_cell_content(c):
    """Get the value contained in a CPython 'cell', as read through
    the func_closure of a function object."""
    # yuk! this is all I could come up with that works in Python 2.2 too
    class X(object):
        def __eq__(self, other):
            self.other = other
    x = X()
    x_cell, = (lambda: x).func_closure
    x_cell == c
    return x.other

It would be unfortunate for PyPy (and IMHO, very un-pythonic) if this
process became impossible.


  Java sucks. [...] Java on TV set top boxes will suck so hard it
  might well inhale people from off  their sofa until their heads
  get wedged in the card slots.              --- Jon Rabone, ucam.chat

More information about the Python-Dev mailing list