Turning String into Numerical Equation
Michael Spencer
mahs at telcopartners.com
Wed Mar 16 15:14:07 EST 2005
Giovanni Bajo wrote:
> Michael Spencer wrote:
>
>>>In fact, I believe my solution to be totally safe,
>>
>>That's a bold claim! I'll readily concede that I can't access
>>func_globals from restricted mode eval (others may know better). But
>>your interpreter is still vulnerable to DOS-style attack from
>>rogue calculations or quasi-infinite loops.
>
> Yes, but I don't see your manually-rolled-up expression calculator being
> DOS-safe. I believe DOS attacks to be a problem whenever you want to calculate
> the result of an expression taken from the outside. What I was trying to show
> is that my simple one-liner is no worse than a multi-page full-blown expression
> parser and interpreter.
Fair point that brevity is itself valuable in achieving security. It isn't
worth using my "manually-rolled-up expression calculator" simply to deny access
to func_globals as you have demonstrated.
However, the advantage of the MRUEP is that every operation is evaluated
individually. In the example I showed, loops are disabled, attribute access is
disabled. Numeric inputs and intermediate results can be checked easily for
boundedness (though they are not in the example I gave). This sort of
fine-grain control is very much harder to do with a straight eval model.
Cheers
Michael