Yet another attempt at a safe eval() call

Grant Edwards invalid at invalid.invalid
Fri Jan 4 17:16:09 CET 2013


On 2013-01-04, Michael Torrie <torriem at gmail.com> wrote:
> On 01/04/2013 08:53 AM, Grant Edwards wrote:
>> That's obviously the "right" thing to do.  I suppose I should figure
>> out how to use the ast module.  
>
> Or PyParsing.
>
> As for your program being "secure" I don't see that there's much to
> exploit.

There isn't.

> You're not running as a service, and you're not running your
> assembler as root, called from a normal user.  The user has your code
> and can "exploit" it anytime he wants.

I'm just trying to prevent surprises for people who are running the
assembler.  We have to assume that they trust the assembler code to
not cause damage intentionally.  But, one would not expect them to
have to worry that assembly language input fed to the assembler code
might cause some sort of collateral damage.

Sure, I can change the source code for gcc so that it wreaks havok
when I invoke it.  But, using the stock gcc compiler there shouldn't
be any source file I can feed it that will cause it to mail my bank
account info to somebody in Eastern Europe, install a keylogger, and
then remove all my files.

-- 
Grant Edwards               grant.b.edwards        Yow! I have a TINY BOWL in
                                  at               my HEAD
                              gmail.com            



More information about the Python-list mailing list