[Python-Dev] Challenge: Please break this! [Now with blog post]
tav
tav at espians.com
Tue Feb 24 00:22:19 CET 2009
guido> >>> class S(str):
guido> ... def __eq__(self, o): print o; return 'r' == o
guido> [snip]
Very devious -- @eichin and Guido!
You guys get the price for the cutest exploit yet -- but sadly no
dinner or drinks -- that was just for the first crack -- which goes to
Victor =)
steve> Don't I remember the previous restricted module dying a
steve> similar "death of 1,000 cuts" before it was concluded
steve> to be unsafe at any height and abandoned?
Steve, this isn't death by a 1,000 cuts. What's being put forward here
is not a specific implementation -- but rather a specific model of
security (the object capability model) -- which has been proven to be
foolproof.
The question here is whether Python can support that. And, my belief
is that it can.
Besides the really nice __eq__ hack, the other exploits so far are
just an inappropriate setup of the environment -- the trick with
object capability is *ensuring* that unsafe references aren't passed
to untrusted code.
In an earlier version of safelite, I even returned the actual file
object when f.close() was called... oops! But that doesn't invalidate
the model or the possibility of using it in Python.
What would invalidate it is someone finding a way to bypass it
completely in Python and this challenge is an attempt to see if we can
find such a way.
--
love, tav
plex:espians/tav | tav at espians.com | +44 (0) 7809 569 369
http://tav.espians.com | http://twitter.com/tav | skype:tavespian
More information about the Python-Dev
mailing list