Serious privacy leak in Python for Windows
Jason Orendorff
jason at jorendorff.com
Wed Jan 16 18:07:00 EST 2002
> The ActiveScripting engine in Python, when used by IE, uses the "rexec"
> module to restrict what the code can do - Python's closest thing to a
> "sandbox".
>
> This rexec module does prevent file writes etc, but allows file reads -
> it uses a "safety" model rather than a "privacy" model.
Sure, by default. But it's easy to lock it down further.
import rexec

class HardRExec(rexec.RExec):
    # Empty policy tuples: no importable path, no builtin C modules,
    # no os/sys names exposed to restricted code.
    ok_path = ()
    ok_builtin_modules = ()  # probably too harsh
    ok_posix_names = ()
    ok_sys_names = ()

    def r_open(self, file, mode='r', buf=-1):
        # Override the default, which still permits reads.
        raise IOError("Can't open files in restricted mode.")
Each of these statements (except the first) now fails:
hrx = HardRExec()
hrx.r_exec("f = open('/etc/passwd', 'r')")
hrx.r_exec("import __builtin__; __builtin__.open('/etc/passwd')")
hrx.r_exec("import os")
hrx.r_exec("import array")
It shouldn't be too hard to find the right policy.
## Jason Orendorff http://www.jorendorff.com/