[Python-Dev] Challenge: Please break this! [Now with blog post]
Guido van Rossum guido at python.org
Tue Feb 24 01:59:57 CET 2009
Another potential avenue for attacks:
I can access the various class and metaclass objects easily:
>>> f = FileReader('/etc/passwd')
>>> f.__class__
<class 'safelite.NamespaceObject'>
>>> f.__class__.__metaclass__
<class 'safelite.NamespaceContext'>
>>> f.__class__.__metaclass__.__call__
>>> f.__class__.__metaclass__.__call__.im_func
<function __call__ at 0x66470>
>>> kall = f.__class__.__metaclass__.__call__.im_func
Now calling kall() with appropriate arguments will allow me to let the supervisor do setattr() operations on any object I have access to. It will probably end with an exception but that shouldn't matter:
>>> kall(f.__class__.__metaclass__, [('foo', 47)])
<type 'list'>
>>> f.__class__.__metaclass__.foo
47
Insofar as the metaclass has any purpose at all for security this might let us thwart that purpose...
-- --Guido van Rossum (home page: http://www.python.org/~guido/)
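
A Python 3 sketch of the avenue described in the message above, added here as an example; it is not code from the original post or from safelite. ToyContext, GuardedContext, Config and apply_via_leaked_call are hypothetical names, and the toy `__call__` only models "setattr on the first argument"; the guarded variant shows the check the function has to make itself once it can be reached without a method wrapper.

```python
# Constructed model. ToyContext, GuardedContext and Config are hypothetical
# stand-ins; this is not safelite's NamespaceContext or NamespaceObject.

class ToyContext(type):
    """Metaclass whose __call__ applies (name, value) pairs to its first argument."""
    def __call__(cls, pairs):
        for name, value in pairs:
            setattr(cls, name, value)  # trusts that cls is one of its own classes
        return cls

class GuardedContext(type):
    """Same behaviour, but rejects a first argument this metaclass did not create."""
    def __call__(cls, pairs):
        # Python 2's unbound-method wrapper made this check; .im_func skipped it,
        # and Python 3 has no wrapper at all, so the function must check itself.
        if not isinstance(cls, GuardedContext):
            raise TypeError("first argument is not a GuardedContext class")
        for name, value in pairs:
            setattr(cls, name, value)
        return cls

class Config(object):
    """Unrelated object that the untrusted caller merely holds a reference to."""
    debug = False

def apply_via_leaked_call(meta, target, pairs):
    """Reach meta.__call__ from an instance, call it on target; True if it ran."""
    reader_cls = meta("Reader", (), {})   # a class created by the metaclass
    f = object.__new__(reader_cls)        # an instance, as untrusted code would hold
    kall = type(type(f)).__call__         # plain function in Python 3
    try:
        kall(target, pairs)
    except TypeError:
        return False
    return True

if __name__ == "__main__":
    print(apply_via_leaked_call(ToyContext, ToyContext, [("foo", 47)]))
    print(apply_via_leaked_call(GuardedContext, Config, [("debug", True)]))
```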