[Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)
Jon Ribbens jon+python-dev at unequivocal.co.uk
Tue Apr 12 08:18:33 EDT 2016
On Tue, Apr 12, 2016 at 01:38:09PM +0200, Maciej Fijalkowski wrote:
> Jon, let me reiterate. You asked people to break it (that's the title of the thread) and they did so almost immediately. Then you patched the thing and asked them to break it again and they did. Now the faulty assumption here is that this procedure, repeated enough times will produce a secure environment - this is not how security works,
That is not an accurate summary of what has happened so far, nor am I making that assumption. You are misunderstanding the purpose of the experiment - I am not sure how, as I have tried to be quite clear.
The question is: with a minimal (or empty) set of builtins, and a restriction on ast.Name and ast.Attribute nodes, can exec/eval be made 'safe' so they cannot execute code outside the sandbox. The answer appears to be "yes", if the restriction is "^f?_". (If you additionally inject external objects to the namespace then they need to be proxied and mro() prevented.)
> You can't do that just by asking on the mailing list and whacking all the examples.
If anyone had managed to find any more examples of holes in the original featureset after the first couple then I would agree with you, but they haven't.
> As others pointed out, this particular approach (with maybe different details) has been tried again and again and again
This simply isn't true either. As far as I can see, only RestrictedPython has tried anything remotely similar, and to the best of my ability to determine, that project is not considered a failure.
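The restriction described in the message above, written out as an added example; it is not part of the original post and is not the code under test in the thread. It rejects any ast.Name or ast.Attribute whose identifier matches "^f?_" and then runs the source with an empty builtins mapping. The function names are hypothetical, and the proxying of injected objects that the message says is needed is not implemented here.

```python
import ast
import re

# Pattern quoted in the message: identifiers that start with "_" or "f_".
FORBIDDEN = re.compile(r"^f?_")


def violations(source):
    """Return sorted (line, identifier) pairs for forbidden Name/Attribute nodes."""
    found = []
    for node in ast.walk(ast.parse(source, mode="exec")):
        if isinstance(node, ast.Name):
            ident = node.id
        elif isinstance(node, ast.Attribute):
            ident = node.attr
        else:
            continue
        if FORBIDDEN.match(ident):
            found.append((node.lineno, ident))
    return sorted(found)


def restricted_exec(source, namespace=None):
    """Validate the AST first, then exec with an empty set of builtins.

    Assumption: anything passed in `namespace` is plain data. The message
    notes that injected external objects would need to be proxied, which
    this sketch does not do.
    """
    bad = violations(source)
    if bad:
        raise ValueError("forbidden identifiers: %r" % (bad,))
    scope = {"__builtins__": {}}
    scope.update(namespace or {})
    exec(compile(source, "<restricted>", "exec"), scope)
    return scope
```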