[Python-Dev] Challenge: Please break this! [Now with blog post]

Steve Holden steve at holdenweb.com
Mon Feb 23 23:58:21 CET 2009


Don't I remember the previous restricted module dying a similar "death of 1,000 cuts" before it was concluded to be unsafe at any height and abandoned?

regards Steve

Guido van Rossum wrote:

TWIW, on Twitter, Ian Bicking just came up with a half-solution. I figured out the other half. I guess you owe Ian drinks and me dinner. :-)

    $ python
    Python 2.5.3a0 (release25-maint:64494, Jun 23 2008, 19:17:09)
    [GCC 4.0.3 (Ubuntu 4.0.3-1ubuntu5)] on linux2
    Type "help", "copyright", "credits" or "license" for more information.
    >>> from safelite import FileReader
    >>> class S(str):
    ...   def __eq__(self, o): print o; return 'r' == o
    ...
    >>> f = FileReader('w00t', S('w'))
    r
    >>> f.close()
    >>>
    $ ls -l w00t
    -rw-r----- 1 guido eng 0 Feb 23 14:50 w00t
    $

On Mon, Feb 23, 2009 at 2:41 PM, tav <tav at espians.com> wrote:

I take it back, we need to find all the trivial ones too.

Agreed!

BTW Tav, you ought to create a small website for this challenge. A blog post or wiki page would suffice.

Done.

http://tav.espians.com/a-challenge-to-break-python-security.html

Please blog/retweet and of course, try the challenge yourselves =)

-- 
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC http://www.holdenweb.com/
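The weakness exercised in the quoted session, shown beside a hardened check, as an added example that is not code from this thread or from safelite. It assumes the mode check is a whitelist membership test (safelite's actual check is not shown here), is written for Python 3, and the names READ_MODES, LyingMode, naive_reader, strict_reader and demo are hypothetical.

```python
import os
import tempfile

# Assumed read-only whitelist; a tuple, so membership is decided purely by ==.
READ_MODES = ("r", "rb")


class LyingMode(str):
    """Constructed str subclass: its characters are one thing, its __eq__ claims 'r'."""
    def __eq__(self, other):
        return "r" == other


def naive_reader(path, mode="r"):
    """Whitelist check in which the caller-supplied object's own __eq__ decides."""
    if mode not in READ_MODES:
        raise ValueError("only read modes are allowed")
    return open(path, mode)  # open() reads the real characters, not __eq__


def strict_reader(path, mode="r"):
    """Same whitelist, but only an exact built-in str is ever compared."""
    if type(mode) is not str:
        raise TypeError("mode must be an exact str, got %s" % type(mode).__name__)
    if mode not in READ_MODES:
        raise ValueError("only read modes are allowed")
    return open(path, mode)


def demo():
    """Return the size of a 5-byte file after each reader is handed LyingMode('w')."""
    sizes = []
    for reader in (naive_reader, strict_reader):
        fd, path = tempfile.mkstemp()
        try:
            os.write(fd, b"data\n")
            os.close(fd)
            try:
                reader(path, LyingMode("w")).close()
            except TypeError:
                pass  # strict_reader refuses the subclass before any comparison
            sizes.append(os.path.getsize(path))
        finally:
            os.remove(path)
    return tuple(sizes)
```

The exact-type test matters because `isinstance(mode, str)` would still accept the subclass, and Python gives a subclass's overridden `__eq__` priority even when the plain `str` is on the left of the comparison.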


