[Python.NET] scary fun (who needs SystemExit?)

Brian Lloyd brian at zope.com
Thu Mar 25 11:05:42 EST 2004


> Just fiddling around here:
>
> C:\misc\PythonNet-1.0-beta3>python
> Python 2.3.2 (#49, Oct  2 2003, 20:02:00) [MSC v.1200 32 bit (Intel)] on win32
> Type "help", "copyright", "credits" or "license" for more information.
> >>> import CLR
> >>> L = CLR.System.Diagnostics.Process.GetProcesses()
> >>> for x in L:
> ...     if x.ProcessName == u"python":
> ...          x.Kill()
> C:\misc\PythonNet-1.0-beta3>
>
> This is one of very many scary things that can be done very easily
> using Python.Net.  (I haven't tried to see what happens if it attempts
> to kill all the other processes before committing suicide...)
>
> Too much rope?

I've tried to be clear in the readme that Python for .NET does not
(and in many ways, cannot) play by the .NET security rules. So it
provides not only as much rope as you want, but also AKs, C4 and
the odd thermal detonator ;)

The nature of the integration (CPython rather than a managed
reimplementation) makes that unlikely to change, as it needs a
pretty high level of rights (reflection, memory access, etc.)
to run at all.

If IronPython ever happens (or some other pure-managed implementation)
it should be a much better citizen in this regard. My sense is
that security integration is usually either a non-issue for the app
in question or a total showstopper when people evaluate scripting
solutions for .NET. It would be nice to have tight integration so
that both groups could use Python ;^)


Brian Lloyd        brian at zope.com
V.P. Engineering   540.361.1716
Zope Corporation   http://www.zope.com



