[Python-Dev] Security capabilities in Python (original) (raw)
Michael Hudson mwh at python.net
Sat Apr 9 20:13:04 CEST 2005
- Previous message: [Python-Dev] Security capabilities in Python
- Next message: [Python-Dev] Security capabilities in Python
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jp Calderone <exarkun at divmod.com> writes:
Does using the gc module to bypass this security count? If so:
exarkun at boson:~$ python -i facet.py >>> import gc >>> c = readonlyfacet.getattr.funcclosure[1] >>> r = gc.getreferents(c)[0] >>> r.n = 'hax0r3d' >>> readonlyfacet.value() 'hax0r3d' >>> This is the easiest way of which I know to bypass the use of cells as a security mechanism. I believe there are other more involved (and fragile, probably) ways, though.
The funniest I know is part of PyPy:
def extract_cell_content(c): """Get the value contained in a CPython 'cell', as read through the func_closure of a function object.""" # yuk! this is all I could come up with that works in Python 2.2 too class X(object): def eq(self, other): self.other = other x = X() x_cell, = (lambda: x).func_closure x_cell == c return x.other
It would be unfortunate for PyPy (and IMHO, very un-pythonic) if this process became impossible.
Cheers, mwh
-- Java sucks. [...] Java on TV set top boxes will suck so hard it might well inhale people from off their sofa until their heads get wedged in the card slots. --- Jon Rabone, ucam.chat
- Previous message: [Python-Dev] Security capabilities in Python
- Next message: [Python-Dev] Security capabilities in Python
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]