[Python-Dev] Challenge: Please break this! [Now with blog post]

tav tav at espians.com
Tue Feb 24 16:23:47 CET 2009


Hey Andrew & Victor,

tav> But the challenge was about doing from safelite import FileReader.

Andrew> Though it doesn't say so on the first post on this thread
Andrew> nor your page at
Andrew> http://tav.espians.com/a-challenge-to-break-python-security.html

Sorry, perhaps I should have clearly instructed NOT to do import safelite.

I thought the following text would have been clear enough:

    Open a fresh Python interpreter and do:

        from safelite import FileReader

But I can see how that might not have been enough. I'll amend the second line to:

        from safelite import FileReader  # AND NOT import safelite

Would that be clearer?

Andrew> I haven't been watching this discussion closely
Andrew> and I can't find mention of this

Sorry, the discussion has been meandering. It started on:

Then went onto:

And finally ended up here on Python-Dev to get approval for the patch. And in the process of getting the approval, the safelite challenge started...

Andrew> is the goal to support only 2.x or also support
Andrew> Python 3? Your model seems to assume 2.x
Andrew> only, and there may be 3.x attacks that aren't
Andrew> considered in the challenge.

The model is suited for both 2.x and 3.x. The safelite test on the other hand is targeted at 2.x (starting from 2.5).

You have a point with regard to there being 3.x attacks out there. Perhaps we can get a 3.x compatible version of safelite out?

tav> And instead of trying to make tb_frame go away, I'd like
tav> to add the following to my proposed patch of
tav> RESTRICTED attributes [snip]

Andrew> which of course would make the above no longer work.

The challenge helped identify those attributes. And will hopefully identify any other "leak" attributes which may still be there.

Andrew> A goal is to use this in App Engine, yes?

Yes.

Andrew> Which uses cgitb to report errors? Which needs these
Andrew> restricted frame attributes to report the values of
Andrew> variables when the error occurred?

The frame attributes will still be accessible by cgitb. Python's existing IsRestricted framework in the interpreter will take care of that.

It's genius!!

Victor> We should be able to restore the original environment.
Victor> Example:

Victor> jail(evil_func) # called in the jail
Victor> # unsafe environment with subclasses, f_code, etc.

Hmz, Python's IsRestricted already enables this.

I think it's time that I wrote some documentation that Martin wanted explaining Python's already existing IsRestricted support.

Besides a few lines here and there, there seems to be no comprehensive documentation on this that I can find anywhere. And I think this may be the cause of much confusion?

Would that help?

-- love, tav

plex:espians/tav | tav at espians.com | +44 (0) 7809 569 369 http://tav.espians.com | http://twitter.com/tav | skype:tavespian


