[Python-Dev] Security capabilities in Python

Ka-Ping Yee python-dev at zesty.ca
Sat Apr 9 23:37:34 CEST 2005


On Sat, 9 Apr 2005, Jp Calderone wrote:
>   Does using the gc module to bypass this security count?  If so:
>
>     exarkun at boson:~$ python -i facet.py
>     >>> import gc
>     >>> c = readonly_facet.__getattr__.func_closure[1]
>     >>> r = gc.get_referents(c)[0]
>     >>> r.n = 'hax0r3d'
>     >>> readonly_facet.value()
>     'hax0r3d'
>     >>>

You can't get func_closure in restricted mode.  (Or at least, I can't,
using the Python included with Mac OS 10.3.8.)

    >>> restrict()
    >>> readonly_facet.__getattr__.func_closure
    Traceback (most recent call last):
      File "<stdin>", line 1, in ?
    RuntimeError: restricted attribute
    >>>

Even though this particular example doesn't work in restricted mode,
it's true that the gc module violates capability discipline, and you
would have to forbid its import.  In any real use case, you would have
to restrict imports anyway to prevent access to sys.modules or loading
of arbitrary binaries.

For a version that restricts imports, see:

    http://zesty.ca/python/facet.py

Let me know if you figure out how to defeat that.

(This is a fun exercise, but with a potential purpose -- it would be
nice to have a coherent story on this for Python 3000, or maybe even
Python 2.x.)


-- ?!ng
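
An added example, not part of the original message and not taken from facet.py: a Python 3 audit of the introspection path discussed above, assuming Python 3, where func_closure is spelled __closure__ and there is no restricted mode. Counter, make_readonly_facet and closure_exposed are hypothetical names constructed for illustration.

```python
import gc

class Counter:
    """Constructed stand-in for the object a facet is meant to protect."""
    def __init__(self, n):
        self.n = n
    def value(self):
        return self.n

def make_readonly_facet(target):
    """Hypothetical closure-based facet: forwards value() and nothing else."""
    allowed = ("value",)
    class Facet:
        def __getattr__(self, name):
            if name in allowed:
                return getattr(target, name)
            raise AttributeError(name)
    return Facet()

def closure_exposed(facet, wanted_type):
    """List wanted_type objects held in closure cells of the facet's methods,
    found via cell_contents and, separately, via gc.get_referents()."""
    found = {"cell_contents": [], "gc": []}
    for attr in vars(type(facet)).values():
        for cell in getattr(attr, "__closure__", None) or ():
            try:
                if isinstance(cell.cell_contents, wanted_type):
                    found["cell_contents"].append(cell.cell_contents)
            except ValueError:  # cell not yet filled
                pass
            found["gc"] += [r for r in gc.get_referents(cell)
                            if isinstance(r, wanted_type)]
    return found

def demo():
    counter = Counter(1)                      # constructed sample state
    facet = make_readonly_facet(counter)
    before = facet.value()
    exposed = closure_exposed(facet, Counter)
    for obj in exposed["gc"]:                 # the facet's guarantee is gone
        obj.n = "changed outside the facet"
    return before, facet.value(), len(exposed["cell_contents"]), len(exposed["gc"])

if __name__ == "__main__":
    print(demo())
```

A non-empty result means the facet depends on the interpreter hiding closures, so code that is not trusted has to be denied both function introspection and the gc import.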

