Secure Python

timmy timothy at open-networks.net
Thu Nov 16 08:44:37 CET 2006


Steven D'Aprano wrote:
> On Thu, 16 Nov 2006 04:02:58 +0100, Fredrik Tolf wrote:
> 
> 
>>Hi List!
>>
>>I was thinking about secure Python code execution, and I'd really
>>appreciate some comments from those who know Python better than I do.
>>
>>I was thinking that maybe it could be possible to load and run untrusted
>>Python code, simply by loading it in a module with a modified version of
>>__builtins__. Without any reachable function that do unsafe operations,
>>code running from there shouldn't be able to do evil things.
> 
> 
> How would you prevent a Denial Of Service attack like this?
> 
> # don't try this at home kids! leave this to the professionals!
> n = 10000**4
> L = []
> for i in range(n):
>     L.append(str(2L**n))
> 
> Here's an interesting one. Bug or deliberate attack?
> 
> 
> def evens():
>     # iterator returning even numbers
>     i = 0
>     while True:
>         yield i
>         i += 2
> # now get all the even numbers up to 15
> L = [n for n in evens() if n < 15]
> 
> 
> 

congraulations you have discovered loops and their misuse



More information about the Python-list mailing list