Escaping a Python sandbox

Steven D'Aprano steve+comp.lang.python at
Mon Mar 18 00:34:28 CET 2013

An example of how to hack your way out of a Python sandbox:

Now that we can build any function we want, what can we do? We can’t 
directly access the non restricted builtins: the functions we craft are 
still executed in the restricted environment. We can get a non sandboxed 
function to call us: the auth function call the __len__ method of the 
object that we pass as a parameter. This is however not enough to get 
out of the sandbox: our globals are still the same and we can’t for 
example import a module. I tried to look at all the classes we could 
access via the __subclasses__ trick to see if we could get a reference 
to a useful module through there, but no dice. Even getting Twisted to 
call one of our crafted functions via the reactor was not enough. We 
could try to get a traceback object and use it to browse the stack 
frames of our callers, but the only trivial ways to get a traceback 
object are via the inspect or the sys modules which we can’t import. 
After being blocked on that problem, I went to work on other problems, 
slept a lot, and woke up to the solution I needed!


More information about the Python-list mailing list