[Python-Dev] Challenge: Please break this! (was: Reviving restricted mode) (original) (raw)
tav tav at espians.com
Tue Feb 24 01:33:35 CET 2009
- Previous message: [Python-Dev] Challenge: Please break this! (was: Reviving restricted mode)
- Next message: [Python-Dev] Challenge: Please break this! [Now with blog post]
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hey all,
victor> Could you keep all versions of safelite.py?
I took Steven D'Aprano's advice and added a VERSION attribute and state the latest version on http://tav.espians.com/a-challenge-to-break-python-security.html
Is that okay?
antoine> I guess Tav should open a restaurant :-)
Hehe!! Thankfully I only offered to it to the first person phew!
farshid> It seems like some code in safelite passes farshid> a file object to isinstance. By overriding the farshid> builtin isinstance function I can get access to frashid> the original file object and create a new one.
Farshid, this is beautiful!!!
Thank you -- it's very nicely done!!
Do you have a website I could link to from the blog article?
guido> I think in the next version Tav will have to stop guido> the sharing of builtins between the supervisor guido> and the sandboxed code. There are too many guido> tricks you can play with this.
Done.
The common pattern that arised out of the various builtins-overriding-hacks is that "safe" code should never make assumptions about the state of the globals. The use of closures seems to fix this problem with an easily-auditable design pattern.
-- love, tav
plex:espians/tav | tav at espians.com | +44 (0) 7809 569 369 http://tav.espians.com | http://twitter.com/tav | skype:tavespian
- Previous message: [Python-Dev] Challenge: Please break this! (was: Reviving restricted mode)
- Next message: [Python-Dev] Challenge: Please break this! [Now with blog post]
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]