Use eval() safely?
Gregory Ewing
greg.ewing at canterbury.ac.nz
Thu Feb 25 01:00:26 EST 2010
Steven D'Aprano wrote:
> Not that I don't believe you (I do!) but could you demonstrate for the
> record?
I posted a demonstration of this earlier in this thread. The
key thing is the __subclasses__() method of a class. You can
start with any object, work your way up the base class chain
to object, and then use __subclasses__() to get to any builtin
class in the system, including file.
There was a sandboxing scheme put forward a while back which
involves vetting the code and disallowing the use of any
double-underscore attribute names. With a suitably censored
set of builtin functions, this prevents the use of the
__subclasses__ hack, as well as some other potential lines
of attack. As far as I know, nobody managed to break it at
the time, but it probably hasn't been tested much in
the real world, if at all, so I probably wouldn't recommend
using it for anything critical.
--
Greg
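The vetting step Greg describes (rejecting double-underscore attribute names and exposing only a censored set of builtins), as an added Python example that is not from the original post or thread; the `SAFE_BUILTINS` allow-list and the function names are assumptions made here for illustration.

```python
import ast

# Builtins the sandbox exposes; anything not listed is unavailable.
# This allow-list is an assumption for the example, not a scheme's own.
SAFE_BUILTINS = {"abs": abs, "len": len, "min": min, "max": max, "sum": sum}


class UnsafeExpression(ValueError):
    """Raised when an expression fails the vetting step."""


def vet(source):
    """Parse `source` as a single expression and reject any attribute or
    name starting with a double underscore (the route the __subclasses__
    walk relies on). Returns the AST so it can be compiled as-is."""
    tree = ast.parse(source, mode="eval")
    for node in ast.walk(tree):
        if isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            raise UnsafeExpression("dunder attribute: %s" % node.attr)
        if isinstance(node, ast.Name) and node.id.startswith("__"):
            raise UnsafeExpression("dunder name: %s" % node.id)
    return tree


def rejection_reason(source):
    """Return the vetting error for `source`, or None if it passes."""
    try:
        vet(source)
    except UnsafeExpression as exc:
        return str(exc)
    return None


def safe_eval(source):
    """Evaluate a vetted expression with only the allow-listed builtins.
    Any other name (including getattr) raises NameError at runtime."""
    tree = vet(source)
    code = compile(tree, "<sandbox>", "eval")
    return eval(code, {"__builtins__": SAFE_BUILTINS}, {})
```

As Greg notes, a checker like this has had little real-world testing, so treat it as a demonstration of the vetting idea rather than a hardened sandbox.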