limited python virtual machine
Aahz
aahz at pythoncraft.com
Sat Jan 29 06:31:45 EST 2005
In article <1gr3mwj.1mhbjao122j7fxN%aleaxit at yahoo.com>,
Alex Martelli <aleaxit at yahoo.com> wrote:
>Steven Bethard <steven.bethard at gmail.com> wrote:
>>
>> If I could see how to go from 'object' (or 'int', 'str', 'file', etc.)
>> to 'eval' or '__import__', that would help out a lot...
>
>>>> object.__subclasses__()
>[<type 'type'>, <type 'weakref'>, <type 'int'>, <type 'basestring'>,
><type 'list'>, <type 'NoneType'>, <type 'NotImplementedType'>, <type
>'module'>, <type 'zipimport.zipimporter'>, <type 'posix.stat_result'>,
><type 'posix.statvfs_result'>, <type 'dict'>, <type 'function'>, <class
>'site._Printer'>, <class 'site._Helper'>, <type 'set'>, <type 'file'>]
>
>Traipse through these, find one class that has an unbound method, get
>that unbound method's func_globals, bingo.
One thing my company has done is written a ``safe_eval()`` that uses a
regex to disable double-underscore access.
--
Aahz (aahz at pythoncraft.com) <*> http://www.pythoncraft.com/
"19. A language that doesn't affect the way you think about programming,
is not worth knowing." --Alan Perlis
More information about the Python-list
mailing list