Security hole in rexec?

Dieter Maurer dieter at handshake.de
Sun Aug 25 21:36:37 CEST 2002


t_therkelsen at hotmail.com (Troels Therkelsen) writes on 24 Aug 2002 09:42:09 -0700:
>   >>> import rexec
>   >>> r = rexec.RExec()
> ...
>   >>> r.r_exec("del __builtins__")
>   >>> r.r_exec("import sys; print sys.stdout")
>   <open file '<stdout>', mode 'w' at 0x80fe2a0>
> 
> If __builtins__ is so critical to the operation of the 'sandbox' how
> is it possible to break it from within the 'sandbox'?  Have I stumbled
> across a bug in rexec?  Have I misunderstood something important?
Indeed, this seems to be a bug. Please report it in Python's
bug tracker at SourceForge.


Dieter



More information about the Python-list mailing list