[Python-Dev] Challenge: Please break this! [Now with blog post]
Andrew Dalke
dalke at dalkescientific.com
Tue Feb 24 15:28:57 CET 2009
tav <tav at espians.com>
> But the challenge was about doing `from safelite import FileReader`.
Though it doesn't say so on the first post on this thread nor your page at
http://tav.espians.com/a-challenge-to-break-python-security.html
It says "Now find a way to write to the filesystem from your
interpreter". Which is what I did. Who's to say your final
implementation will be more secure ;)
But I see your point. Perhaps update the description for those
misguided souls like me?
> This is just a challenge to see if the model holds
I haven't been watching this discussion closely and I can't find
mention of this - is the goal to support only 2.x or also support
Python 3? Your model seems to assume 2.x only, and there may be 3.x
attacks that aren't considered in the challenge.
For example, in Python 3 I would use the __traceback__ method of the
exception object to reach in and get the open function. That seems
morally equivalent to what I did.
I hacked out the parts of safelite.py which wouldn't work in Python3.
Following is a variation on the theme.
import safelite
try:
safelite.FileReader("/dev/null", "r", "x")
except TypeError as err:
frame = err.__traceback__.tb_next.tb_frame
frame.f_locals["open_file"]("test.txt", "w").write("done.")
> And instead of trying to make tb_frame go away, I'd like to add the
> following to my proposed patch of RESTRICTED attributes:
>
> * f_code
> * f_builtins
> * f_globals
> * f_locals
which of course would make the above no longer work.
Cheers,
Andrew
dalke at dalkescientific.com
More information about the Python-Dev
mailing list