Restricted Execution on the cheap
Duncan Booth
duncan.booth at invalid.invalid
Tue Nov 30 07:17:06 EST 2004
David Pokorny wrote:
> Suppose that one wants to set up a machine to accept python code from,
> say, arbitrary email, and run it safely. Would the following
> (somewhat draconian) precautions be sufficient?
> [assume the Python code is in hack.py]
>
> grep exec hack.py ==> nothing
> grep eval hack.py ==> nothing
> etc... for 'import', 'builtin', 'globals','reload'
> 'compile', 'file', 'open', 'input', 'locals', 'vars'
>
Assuming you think *very* hard about everything that someone might try.
Your list above certainly isn't enough though. I'm pretty sure you also
need to block getattr otherwise:
>>> def f(): pass
>>> getattr(getattr(f,
'shap_tybonyf'.decode('rot13'))['__ohvygvaf__'.decode('rot13')],
'x\x9cK\xce\xcf-\xc8\xccI\x05\x00\x0b\xaf\x02\xea'.decode('zip'))
<built-in function compile>
More information about the Python-list
mailing list