[Python-Dev] Challenge: Please break this! (was: Reviving restricted mode) (original) (raw)
Farshid Lashkari flashk at gmail.com
Tue Feb 24 00:51:25 CET 2009
- Previous message: [Python-Dev] Challenge: Please break this! (was: Reviving restricted mode)
- Next message: [Python-Dev] Challenge: Please break this! (was: Reviving restricted mode)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
It seems like some code in safelite passes a file object to isinstance. By overriding the builtin isinstance function I can get access to the original file object and create a new one. Here is the code I used:
from safelite import FileReader
_real_file = None
def _new_isinstance(obj,types): global _real_file if _real_file is None and obj.class.name == 'file': _real_file = obj.class return _old_isinstance(obj,types)
_old_isinstance = builtins.isinstance builtins.isinstance = _new_isinstance
FileReader('nul')
f = _real_file('foo.txt','w') f.write('hello') f.close()
-Farshid
On Mon, Feb 23, 2009 at 12:10 PM, tav <tav at espians.com> wrote:
Hey all,
As an attempt to convince everyone of the merits of my functions-based approach to security, I've come up with a simple challenge. I've attached it as safelite.py The challenge is simple: * Open a fresh Python interpreter * Do: >>> from safelite import FileReader * You can use FileReader to read files on your filesystem * Now find a way to write to the filesystem from your interpreter Please note that the aim of this isn't to protect Python against crashes/segfaults or exhaustion of resources attacks, so those don't count. I'm keen to know your experiences even if you don't manage to write to the filesystem -- and especially if you do! Dinner and drinks on me for an evening -- when you are next in London or I am in your town -- to the first person who manages to break safelite.py and write to the filesystem. Good luck and thanks! =)
If you block closure and globals on function objects you will get a semblance of a private namespace. That way you might (I have not thought this one through like securing the interpreter for embedding) be able to get what you need to safely pass in Python code through the globals of the code being executed. Brett, this is exactly what I do. You also need to restrict funccode. The patch is simply for closing the other loopholes: type.subclasses, GeneratorType.giframe and gicode. All possible in a patch of 6 lines of code thanks to Python's existing restricted framework in the interpreter. Please review and accept =) * http://codereview.appspot.com/20051 * http://codereview.appspot.com/21051 Thanks! -- love, tav plex:espians/tav | tav at espians.com | +44 (0) 7809 569 369 http://tav.espians.com | @tav | skype:tavespian
Python-Dev mailing list Python-Dev at python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/flashk%40gmail.com
- Previous message: [Python-Dev] Challenge: Please break this! (was: Reviving restricted mode)
- Next message: [Python-Dev] Challenge: Please break this! (was: Reviving restricted mode)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]