[Python-Dev] Challenge: Please break this! (was: Reviving restricted mode)
tav at espians.com
Mon Feb 23 21:10:29 CET 2009
As an attempt to convince everyone of the merits of my functions-based
approach to security, I've come up with a simple challenge. I've
attached it as safelite.py.

The challenge is simple:

* Open a fresh Python interpreter
* Do: >>> from safelite import FileReader
* You can use FileReader to read files on your filesystem
* Now find a way to *write* to the filesystem from your interpreter

Please note that the aim of this isn't to protect Python against
crashes/segfaults or exhaustion of resources attacks, so those don't

I'm keen to know your experiences even if you don't manage to write to
the filesystem -- and especially if you do!

Dinner and drinks on me for an evening -- when you are next in London
or I am in your town -- to the first person who manages to break
safelite.py and write to the filesystem.

Good luck and thanks! =)

> If you block __closure__ and __globals__ on function objects you will get a
> semblance of a private namespace. That way you might (I have not thought
> this one through like securing the interpreter for embedding) be able to get
> what you need to safely pass in Python code through the globals of the code
> being executed.

Brett, this is exactly what I do. You also need to restrict func_code.
The patch is simply for closing the other loopholes:
type.__subclasses__, GeneratorType.gi_frame and gi_code. All possible
in a patch of 6 lines of code thanks to Python's existing restricted
framework in the interpreter.

Please review and accept =)

plex:espians/tav | tav at espians.com | +44 (0) 7809 569 369
http://tav.espians.com | @tav | skype:tavespian
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5993 bytes
Desc: not available
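
The message above names the introspection attributes that have to be restricted before a closure can act as a private namespace. The following is an added example, not part of the original post and not taken from safelite.py: it audits which of those attributes expose a privately held object on an unrestricted Python 3 interpreter, where `func_code` is spelled `__code__`. `Store`, `make_reader`, `make_items` and `leak_paths` are hypothetical names constructed for the illustration.

```python
import types

class Store:
    """Constructed stand-in for a privileged object (not safelite.py code)."""
    def __init__(self):
        self.data = {"motd": "hello"}
    def read(self, key):
        return self.data[key]
    def write(self, key, value):
        self.data[key] = value

def make_reader():
    store = Store()                 # meant to stay private to the closure
    def read(key):
        return store.read(key)      # only read access is handed out
    return read

def make_items():
    def items():
        store = Store()             # private local of a generator
        for key in sorted(store.data):
            yield store.read(key)
    return items()

def leak_paths(obj, secret_type=Store):
    """Name the attributes of obj through which secret_type is exposed."""
    paths = []
    if isinstance(obj, types.FunctionType):
        cells = obj.__closure__ or ()
        if any(isinstance(c.cell_contents, secret_type) for c in cells):
            paths.append("__closure__")   # the captured instance itself
        if secret_type in obj.__globals__.values():
            paths.append("__globals__")   # the defining module's namespace
        if obj.__code__.co_freevars:
            paths.append("__code__")      # names of the captured variables
    elif isinstance(obj, types.GeneratorType):
        frame = obj.gi_frame              # None once the generator is exhausted
        if frame is not None and any(
                isinstance(v, secret_type) for v in frame.f_locals.values()):
            paths.append("gi_frame")      # live locals of the suspended frame
        if obj.gi_code.co_varnames:
            paths.append("gi_code")       # names of the generator's locals
    return paths
```

An empty list from `leak_paths` is the result a restricted interpreter is aiming for; every name it returns is an attribute the restriction has to cover.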