[Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)

Victor Stinner victor.stinner at gmail.com
Tue Apr 12 08:24:31 EDT 2016


2016-04-12 14:18 GMT+02:00 Jon Ribbens <jon+python-dev at unequivocal.co.uk>:

> The question is: with a minimal (or empty) set of builtins, and a restriction on ast.Name and ast.Attribute nodes, can exec/eval be made 'safe' so they cannot execute code outside the sandbox.

According to multiple exploits listed in this thread, no, it's not possible.

> If anyone had managed to find any more examples of holes in the original featureset after the first couple then I would agree with you, but they haven't.

See my latest exploit using functools.update_wrapper() + A.setattr() ;-)

>> As others pointed out, this particular approach (with maybe different details) has been tried again and again and again
>
> This simply isn't true either. As far as I can see, only RestrictedPython has tried anything remotely similar, and to the best of my ability to determine, that project is not considered a failure.

IMHO nobody seriously audited RestrictedPython. It doesn't mean that it's secure.

When it was created, security was less important than nowadays.

Victor


