Secure Python
timmy
timothy at open-networks.net
Thu Nov 16 02:44:37 EST 2006
Steven D'Aprano wrote:
> On Thu, 16 Nov 2006 04:02:58 +0100, Fredrik Tolf wrote:
>
>
>>Hi List!
>>
>>I was thinking about secure Python code execution, and I'd really
>>appreciate some comments from those who know Python better than I do.
>>
>>I was thinking that maybe it could be possible to load and run untrusted
>>Python code, simply by loading it in a module with a modified version of
>>__builtins__. Without any reachable function that does unsafe operations,
>>code running from there shouldn't be able to do evil things.
>
>
> How would you prevent a Denial Of Service attack like this?
>
> # don't try this at home kids! leave this to the professionals!
> n = 10000**4
> L = []
> for i in range(n):
>     L.append(str(2L**n))
>
> Here's an interesting one. Bug or deliberate attack?
>
>
> def evens():
>     # iterator returning even numbers
>     i = 0
>     while True:
>         yield i
>         i += 2
> # now get all the even numbers up to 15
> L = [n for n in evens() if n < 15]
>
>
>
Congratulations, you have discovered loops and their misuse.