[Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)

Isaac Morland ijmorlan at uwaterloo.ca
Tue Apr 12 06:21:04 EDT 2016


On Tue, 12 Apr 2016, Jon Ribbens wrote:

>> This is still a massive game of whack-a-mole.
>
> No, it still isn't. If the names blacklist had to keep being extended
> then you would be right, but that hasn't happened so far. Whitelists
> by definition contain only a small, limited number of potential moles.
>
> The only thing you found above that even remotely approaches an
> exploit is the decimal.getcontext() thing, and even that I don't
> think you could use to do any code execution.

"I don't think"?

Where's the formal proof?

Without a proof, this is indeed just a game of whack-a-mole.

I don't "think" Python is a suitable foundation for a sandboxing system 
intended for security purposes, but my "think" won't lead to security 
holes whereas yours will.  So, I would respectfully suggest that unless 
you increase the rigour of your effort substantially, it is not 
worthwhile.  Python is great for lots of applications already - there is 
no need to force it into unsuitable problem domains.

Isaac Morland           CSCF Web Guru
DC 2619, x36650         WWW Software Specialist


More information about the Python-Dev mailing list