[Python-Dev] Security capabilities in Python
pedronis at strakt.com
Sat Apr 9 23:50:48 CEST 2005
Ka-Ping Yee wrote:
> On Sat, 9 Apr 2005, Jp Calderone wrote:
>> Does using the gc module to bypass this security count? If so:
>> exarkun at boson:~$ python -i facet.py
>> >>> import gc
>> >>> c = readonly_facet.__getattr__.func_closure
>> >>> r = gc.get_referents(c)
>> >>> r.n = 'hax0r3d'
>> >>> readonly_facet.value()
> You can't get func_closure in restricted mode. (Or at least, i can't,
> using the Python included with Mac OS 10.3.8.)
> >>> restrict()
> >>> readonly_facet.__getattr__.func_closure
> Traceback (most recent call last):
> File "<stdin>", line 1, in ?
> RuntimeError: restricted attribute
> Even though this particular example doesn't work in restricted mode,
> it's true that the gc module violates capability discipline, and you
> would have to forbid its import. In any real use case, you would have
> to restrict imports anyway to prevent access to sys.modules or loading
> of arbitrary binaries.
> For a version that restricts imports, see:
> Let me know if you figure out how to defeat that.
you should probably search the list and look at my old attacks against
restricted execution, there's reason why is not much supported anymore.
One can still try to use it but needs to be extremely careful or use C
defined proxies... etc.
> (This is a fun exercise, but with a potential purpose -- it would be
> nice to have a coherent story on this for Python 3000, or maybe even
> Python 2.x.)
> -- ?!ng
> Python-Dev mailing list
> Python-Dev at python.org
> Unsubscribe: http://mail.python.org/mailman/options/python-dev/pedronis%40strakt.com
More information about the Python-Dev