[Python-Dev] Challenge: Please break this! (was: Reviving restricted mode)

tav tav at espians.com
Mon Feb 23 21:10:29 CET 2009

Hey all,

As an attempt to convince everyone of the merits of my functions-based
approach to security, I've come up with a simple challenge. I've
attached it as safelite.py

The challenge is simple:

* Open a fresh Python interpreter
* Do: >>> from safelite import FileReader
* You can use FileReader to read files on your filesystem
* Now find a way to *write* to the filesystem from your interpreter

Please note that the aim of this isn't to protect Python against
crashes/segfaults or exhaustion of resources attacks, so those don't

I'm keen to know your experiences even if you don't manage to write to
the filesystem -- and especially if you do!

Dinner and drinks on me for an evening -- when you are next in London
or I am in your town -- to the first person who manages to break
safelite.py and write to the filesystem.

Good luck and thanks! =)

> If you block __closure__ and __globals__ on function objects you will get a
> semblance of a private namespace. That way you might (I have not thought
> this one through like securing the interpreter for embedding) be able to get
> what you need to safely pass in Python code through the globals of the code
> being executed.

Brett, this is exactly what I do. You also need to restrict func_code.
The patch is simply for closing the other loopholes:
type.__subclasses__, GeneratorType.gi_frame and gi_code. All possible
in a patch of 6 lines of code thanks to Python's existing restricted
framework in the interpreter.

Please review and accept =)

* http://codereview.appspot.com/20051
* http://codereview.appspot.com/21051


love, tav

plex:espians/tav | tav at espians.com | +44 (0) 7809 569 369
http://tav.espians.com | @tav | skype:tavespian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: safelite.py
Type: text/x-python-script
Size: 5993 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-dev/attachments/20090223/4f9feece/attachment.bin>

More information about the Python-Dev mailing list