[Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)

Victor Stinner victor.stinner at gmail.com
Tue Apr 12 08:24:31 EDT 2016

2016-04-12 14:18 GMT+02:00 Jon Ribbens <jon+python-dev at unequivocal.co.uk>:
> The question is: with a minimal (or empty) set of builtins, and a
> restriction on ast.Name and ast.Attribute nodes, can exec/eval be
> made 'safe' so they cannot execute code outside the sandbox.

According to multiple exploits listed in this thread, no, it's not possible.

> If anyone had managed to find any more examples of holes in the
> original featureset after the first couple then I would agree with
> you, but they haven't.

See my latest exploit using functools.update_wrapper() + A.__setattr__() ;-)

>> As others pointed out, this particular approach (with maybe
>> different details) has been tried again and again and again
> This simply isn't true either. As far as I can see, only
> RestrictedPython has tried anything remotely similar, and
> to the best of my ability to determine, that project is not
> considerd a failure.

IMHO nobody seriously audited RestrictedPython. It doesn't mean that
it's secure.

When it was created, security was less important than nowadays.


More information about the Python-Dev mailing list