[Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)

Arthur Darcet arthur at darcet.fr
Fri Apr 8 11:21:38 EDT 2016

On 8 April 2016 at 16:18, Jon Ribbens <jon+python-dev at unequivocal.co.uk>

> I've made another attempt at Python sandboxing, which does something
> which I've not seen tried before - using the 'ast' module to do static
> analysis of the untrusted code before it's executed, to prevent most
> of the sneaky tricks that have been used to break out of past attempts
> at sandboxes.
> In short, I'm turning Python's usual "gentleman's agreement" that you
> should not access names and attributes that are indicated as private
> by starting with an underscore into a rigidly enforced rule: try and
> access anything starting with an underscore and your code will not be
> run.
> Anyway the code is at https://github.com/jribbens/unsafe
> It requires Python 3.4 or later (it could probably be made to work on
> Python 2.7 as well, but it would need some changes).
> I would be very interested to see if anyone can manage to break it.
> Bugs which are trivially fixable are of course welcomed, but the real
> question is: is this approach basically sound, or is it fundamentally
> unworkable?

If i'm not mistaken, this breaks out:

> exec('open("out", "w").write("a")', {})

because if the second argument of exec does not contain a __builtins__ key,
then a copy of the original builtins module is inserted:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20160408/7e707888/attachment-0001.html>

More information about the Python-Dev mailing list