How do you set up a stack?
Fredrik Lundh
fredrik at pythonware.com
Wed May 9 04:42:29 EDT 2001
s713221 at student.gu.edu.au wrote:
> However, all of these are dealing with numbers. I'd be interested to see
> if someone did have an example of a malicious eval use.
from the eff-bot guide to the standard library:

    eval("__import__('os').remove('file')")
    eval("__import__('os').system('rm -rf /')")
    eval("'*'*1000000*2*2*2*2*2*2*2*2*2")

(etc)

eval("whatever", {"__builtins__": {}}) takes care of many
of them, but not memory/CPU attacks.
Cheers /F