[Python-Dev] Challenge: Please break this! (was: Reviving restricted mode)
Guido van Rossum
guido at python.org
Mon Feb 23 22:38:21 CET 2009
On Mon, Feb 23, 2009 at 1:36 PM, Guido van Rossum <guido at python.org> wrote:
> On Mon, Feb 23, 2009 at 1:12 PM, Victor Stinner
> <victor.stinner at haypocalc.com> wrote:
>>> The challenge is simple:
>>>
>>> * Open a fresh Python interpreter
>>> * Do: >>> from safelite import FileReader
>>> * You can use FileReader to read files on your filesystem
>>> * Now find a way to *write* to the filesystem from your interpreter
>>
>> Well, the challenge is to get access to a module. And... it's quite simple :-p
>>
>> $ ./python
>>>>> from safelite import FileReader
>>>>> __builtins__.file
>> Traceback (most recent call last):
>> File "<stdin>", line 1, in <module>
>> AttributeError: 'module' object has no attribute 'file'
>>>>> reload(__builtins__)
>> <module '__builtin__' (built-in)>
>>>>> file('0wn3d', 'w').write('w00t\n')
>>>>>
>> $ cat 0wn3d
>> w00t
>>
>>> Dinner and drinks on me for an evening -- when you are next in London
>>> or I am in your town -- to the first person who manages to break
>>> safelite.py and write to the filesystem.
>>
>> Cool. It's a good reason to go to Pycon UK this yeak ;-)
>
> Tav should have made another stipulation: the attack must not be
> trivial to fix. This one seems trivial, e.g. by adding 'reload' to the
> list in secure_python_builtins().
I take it back, we need to find all the trivial ones too.
BTW Tav, you ought to create a small website for this challenge. A
blog post or wiki page would suffice.
--
--Guido van Rossum (home page: http://www.python.org/~guido/)
More information about the Python-Dev
mailing list