[Python-Dev] Challenge: Please break this! [Now with blog post]
Steve Holden
steve at holdenweb.com
Mon Feb 23 23:58:21 CET 2009
Don't I remember the previous restricted module dying a similar "death
of 1,000 cuts" before it was concluded to be unsafe at any height and
abandoned?
regards
Steve
Guido van Rossum wrote:
> TWIW, on Twitter, Ian Bicking just came up with a half-solution. I
> figured out the other half. I guess you own Ian drinks and me dinner.
> :-)
>
> $ python
> Python 2.5.3a0 (release25-maint:64494, Jun 23 2008, 19:17:09)
> [GCC 4.0.3 (Ubuntu 4.0.3-1ubuntu5)] on linux2
> Type "help", "copyright", "credits" or "license" for more information.
>>>> from safelite import FileReader
>>>> class S(str):
> ... def __eq__(self, o): print o; return 'r' == o
> ...
>>>> f = FileReader('w00t', S('w'))
> r
>>>> f.close()
>>>>
> $ ls -l w00t
> -rw-r----- 1 guido eng 0 Feb 23 14:50 w00t
> $
>
>
> On Mon, Feb 23, 2009 at 2:41 PM, tav <tav at espians.com> wrote:
>>> I take it back, we need to find all the trivial ones too.
>> Agreed!
>>
>>> BTW Tav, you ought to create a small website for this challenge. A
>>> blog post or wiki page would suffice.
>> Done.
>>
>> http://tav.espians.com/a-challenge-to-break-python-security.html
>>
>> Please blog/retweet and of course, try the challenge yourselves =)
>>
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC http://www.holdenweb.com/
More information about the Python-Dev
mailing list