Executing untrusted code

Emanuele D'Arrigo manu3d at gmail.com
Thu Aug 20 23:46:19 CEST 2009

Christian, Rami and Steven, thank you all for your help. It wasn't
meant to be a challenge, I knew it ought to be easily breakable. I'm
no hacker and it just helps to have some examples to better understand
the issue.

On Aug 20, 7:42 pm, Steven D'Aprano <st... at REMOVE-
> On a related topic, you should read this post here:
> http://tav.espians.com/a-challenge-to-break-python-security.html

Indeed I did read the post and my minimalistic test was inspired by
some of the code in it (I didn't know you could replace the
builtins!). Tav's effort kinda of ended nowhere though. My
understanding of it is that it hasn't been broken and that Tav has
submitted a patch to secure some of python's innards. But

Steven, you are perfectly right, I didn't test it and I missed the
crucial part in which I store the __builtins__ dictionary in the
dictionary of the new originalBuiltins module. My bad. Still, you did
understand my intentions and did give me a simple example of how it
could be broken. Thank you.

-However- I would suggest that conceptually the "award" goes to
Christian. ;)

In the same way the open builtin function can be replaced or removed,
also reload, file, __import__, exec, execfile and any other
potentially "unsafe" builtin can be replaced with safer versions. Or

Christian's solution though, seems to be much trickier to evade. Can
the object class be replaced at runtime with a version that does not
provide a way to reach its subclasses?


More information about the Python-list mailing list