Secure Python

Steven D'Aprano steve at REMOVEME.cybersource.com.au
Thu Nov 16 05:23:11 CET 2006


On Thu, 16 Nov 2006 04:02:58 +0100, Fredrik Tolf wrote:

> Hi List!
> 
> I was thinking about secure Python code execution, and I'd really
> appreciate some comments from those who know Python better than I do.
> 
> I was thinking that maybe it could be possible to load and run untrusted
> Python code, simply by loading it in a module with a modified version of
> __builtins__. Without any reachable function that do unsafe operations,
> code running from there shouldn't be able to do evil things.

How would you prevent a Denial Of Service attack like this?

# don't try this at home kids! leave this to the professionals!
n = 10000**4
L = []
for i in range(n):
    L.append(str(2L**n))

Here's an interesting one. Bug or deliberate attack?


def evens():
    # iterator returning even numbers
    i = 0
    while True:
        yield i
        i += 2
# now get all the even numbers up to 15
L = [n for n in evens() if n < 15]



-- 
Steven D'Aprano 




More information about the Python-list mailing list