[Python-Dev] Challenge: Please break this! (was: Reviving restricted mode)

tav tav at espians.com
Mon Feb 23 21:10:29 CET 2009


Hey all,

As an attempt to convince everyone of the merits of my functions-based approach to security, I've come up with a simple challenge. I've attached it as safelite.py.

The challenge is simple:

Please note that the aim of this isn't to protect Python against crashes/segfaults or exhaustion of resources attacks, so those don't count.

I'm keen to know your experiences even if you don't manage to write to the filesystem -- and especially if you do!

Dinner and drinks on me for an evening -- when you are next in London or I am in your town -- to the first person who manages to break safelite.py and write to the filesystem.

Good luck and thanks! =)

> If you block __closure__ and __globals__ on function objects you will get a semblance of a private namespace. That way you might (I have not thought this one through like securing the interpreter for embedding) be able to get what you need to safely pass in Python code through the globals of the code being executed.

Brett, this is exactly what I do. You also need to restrict func_code. The patch is simply for closing the other loopholes: type.__subclasses__, GeneratorType.gi_frame and gi_code. All possible in a patch of 6 lines of code thanks to Python's existing restricted framework in the interpreter.

Please review and accept =)

Thanks!

-- love, tav

plex:espians/tav | tav at espians.com | +44 (0) 7809 569 369
http://tav.espians.com | @tav | skype:tavespian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: safelite.py
Type: text/x-python-script
Size: 5993 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-dev/attachments/20090223/4f9feece/attachment.bin>
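
An added example, not part of the original message and not taken from safelite.py: an audit that reports which of the introspection attributes named in the message are readable on the running interpreter, and whether an object held only in a closure cell can be reached through them. The function names and the Python 3 spelling `__code__` for `func_code` are assumptions of this example.

```python
# Attribute names from the message; "__code__" is the Python 3 spelling of
# func_code and is added here as an assumption of this example.
FUNCTION_ATTRS = ("__closure__", "__globals__", "__code__", "func_code")
GENERATOR_ATTRS = ("gi_frame", "gi_code")


def make_guarded_reader(secret):
    """Functions-based encapsulation: `secret` lives only in a closure cell."""
    def read_length():
        return len(secret)
    return read_length


def _readable(obj, name):
    """True if the attribute can be read. Python 2 restricted mode raised
    RuntimeError for blocked attributes, so that counts as closed too."""
    try:
        getattr(obj, name)
    except (AttributeError, RuntimeError):
        return False
    return True


def exposed_paths(func):
    """List the introspection paths from the message that are open here."""
    found = ["function." + n for n in FUNCTION_ATTRS if _readable(func, n)]
    gen = (x for x in ())  # throwaway generator, used only for inspection
    found += ["generator." + n for n in GENERATOR_ATTRS if _readable(gen, n)]
    if _readable(type, "__subclasses__"):
        found.append("type.__subclasses__")
    return found


def closure_leaks(func, marker):
    """True if `marker` is reachable through func's closure cells."""
    cells = getattr(func, "__closure__", None) or ()
    return any(cell.cell_contents is marker for cell in cells)


if __name__ == "__main__":
    secret = ["constructed sample value"]
    reader = make_guarded_reader(secret)
    for path in exposed_paths(reader):
        print("open:", path)
    print("closure state reachable:", closure_leaks(reader, secret))
```

On an interpreter without restrictions every listed path that exists in that Python version is reported open; an empty list with `closure_leaks` returning False is the state the message describes as a private namespace.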
