[Python-Dev] Challenge: Please break this! [Now with blog post] (original) (raw)

tav tav at espians.com
Tue Feb 24 00:22:19 CET 2009

guido> >>> class S(str): guido> ... def eq(self, o): print o; return 'r' == o guido> [snip]

Very devious -- @eichin and Guido!

You guys get the price for the cutest exploit yet -- but sadly no dinner or drinks -- that was just for the first crack -- which goes to Victor =)

steve> Don't I remember the previous restricted module dying a steve> similar "death of 1,000 cuts" before it was concluded steve> to be unsafe at any height and abandoned?

Steve, this isn't death by a 1,000 cuts. What's being put forward here is not a specific implementation -- but rather a specific model of security (the object capability model) -- which has been proven to be foolproof.

The question here is whether Python can support that. And, my belief is that it can.

Besides the really nice eq hack, the other exploits so far are just an inappropriate setup of the environment -- the trick with object capability is ensuring that unsafe references aren't passed to untrusted code.

In an earlier version of safelite, I even returned the actual file object when f.close() was called... oops! But that doesn't invalidate the model or the possibility of using it in Python.

What would invalidate it is someone finding a way to bypass it completely in Python and this challenge is an attempt to see if we can find such a way.

-- love, tav

plex:espians/tav | tav at espians.com | +44 (0) 7809 569 369 http://tav.espians.com | http://twitter.com/tav | skype:tavespian

More information about the Python-Dev mailing list