Embedding Python in Python
Robey Holderith
robey at slash_dev_slash_random.org
Wed Aug 18 17:53:02 EDT 2004
I've found the crack in the armor. See additions below.
-Robey
On Wed, 18 Aug 2004 16:48:26 -0500, Robey Holderith wrote:
>
>
> Where test2.py looked like this:
>
>
> #---------Begin Code
>
> print __builtins__
>
> try:
> del __builtins__
> print 'del worked'
> except:
> pass
>
> try:
> exec('del __builtins__')
> print('exec del worked')
> except:
> pass
>
> try:
> import sys
> print 'Import Worked'
> except:
> pass
>
> try:
> f = file('out.tmp','w')
> f.write('asdfasdf')
> f.close()
> print 'File Access Worked'
> except:
> pass
>
> seed()
>
> def move():
#Add the following for a nice security hole
global __builtins__
del __builtins__
> print __builtins__
>
> #------ End Code
>
> I sure it has a crack in in somewhere, but it doesn't
> seem to be del __builtins__ .
>
> -Robey
More information about the Python-list
mailing list