Security hole in rexec?
dieter at handshake.de
Sun Aug 25 21:36:37 CEST 2002
t_therkelsen at hotmail.com (Troels Therkelsen) writes on 24 Aug 2002 09:42:09 -0700:
> >>> import rexec
> >>> r = rexec.RExec()
> >>> r.r_exec("del __builtins__")
> >>> r.r_exec("import sys; print sys.stdout")
> <open file '<stdout>', mode 'w' at 0x80fe2a0>
> If __builtins__ is so critical to the operation of the 'sandbox' how
> is it possible to break it from within the 'sandbox'? Have I stumbled
> across a bug in rexec? Have I misunderstood something important?
Indeed, this seems to be a bug. Please report it in Python's
bug tracker at SourceForge.
More information about the Python-list