[Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)

Jon Ribbens jon+python-dev at unequivocal.co.uk
Tue Apr 12 08:48:22 EDT 2016


On Tue, Apr 12, 2016 at 02:16:57PM +0200, Victor Stinner wrote:
> I read your code and the code of CPython. I found many issues.

Thanks for your efforts.

> Your "safe import" hides real functions with a proxy. Ok. But the code
> of modules is still run in the real namespace,

Yes, that was the intention.

> I found functools.update_wrapper(). I was very surprised because this
> function calls getattr() and setattr(), whereas your sandbox replaces
> these builtin functions.

Good point. It seems it was almost certainly foolish of me to add
'import' back in in response to people's comments while my original
concept was still being discussed.

> So here you have:
> ---
> import functools

Thanks, that was pretty clever. I've of course fixed it by reducing
the list of imports (a lot, since I hadn't really audited them at all).
But you make a good point.
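
An audit sketch for the point raised in this exchange, added here as an example and not part of the original post or of the sandbox's code: it lists the pure-Python functions in an importable module that load getattr/setattr from the interpreter's real builtins rather than from a sandbox's guarded replacements. The names GUARDED, global_loads, uses_real_builtin and audit_module are hypothetical, and the guarded set is assumed from the two builtins named above.

```python
import builtins
import dis
import functools
import inspect

# Builtins the sandbox is assumed to replace with guarded versions.
GUARDED = {"getattr", "setattr"}

def global_loads(code):
    """Names loaded as globals/builtins by `code` and any nested code objects."""
    names = {i.argval for i in dis.get_instructions(code)
             if i.opname in ("LOAD_GLOBAL", "LOAD_NAME")}
    for const in code.co_consts:
        if inspect.iscode(const):
            names |= global_loads(const)
    return names

def uses_real_builtin(fn, name):
    """True if `name` inside `fn` resolves to the interpreter's own builtin."""
    if name in fn.__globals__:  # shadowed by a module-level definition
        return False
    b = fn.__globals__.get("__builtins__", builtins)
    b = vars(b) if inspect.ismodule(b) else b
    return b.get(name) is getattr(builtins, name)

def audit_module(module, guarded=GUARDED):
    """Map function name -> guarded builtins it reaches outside the sandbox."""
    findings = {}
    for name, obj in vars(module).items():
        # Only functions defined in this module; C functions have no bytecode.
        if not inspect.isfunction(obj) or obj.__module__ != module.__name__:
            continue
        hits = sorted(n for n in guarded & global_loads(obj.__code__)
                      if uses_real_builtin(obj, n))
        if hits:
            findings[name] = hits
    return findings

if __name__ == "__main__":
    for fn, hits in sorted(audit_module(functools).items()):
        print(f"functools.{fn}: {', '.join(hits)}")
```

A module with any finding needs review before it goes on an import whitelist; an empty result is not proof of safety, since C-implemented functions and indirect calls are not inspected.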

