Do not run this code.

Ian Kelly ian.g.kelly at gmail.com
Thu Mar 5 02:59:19 EST 2015


On Thu, Mar 5, 2015 at 12:39 AM, Dave Farrance
<DaveFarrance at omitthisyahooandthis.co.uk> wrote:
> Ben Finney <ben+python at benfinney.id.au> wrote:
>
>>Chris Angelico <rosuav at gmail.com> writes:
>>
>>> import base64; exec(…)
>>
>>That's all I need to know. Code with ‘exec()’ calls, I consider unsafe
>>by default.
>
> Indeed. Replacing exec with print...
>
>>>> print(base64.b64decode(b"eD0neD0lcjsgZXhlYyh4JSV4KSc7IGV4ZWMoeCV4KQ=="))
> x='x=%r; exec(x%%x)'; exec(x%x)
>
> so, discarding that second exec...
>
>>>> x='x=%r; exec(x%%x)'
>>>> print(x)
> x=%r; exec(x%%x)
>
> So it recurses, and if that second exec had been left in then it would be
> a fork bomb.

In order to be a fork bomb, it would have to call fork at some point.
This is just a race to see whether you'll run out of memory before the
recursion limit is reached.
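
The manual steps in the quoted reply can be done without ever calling exec on the payload. The following is an added example, not part of the original message: it decodes the blob from the thread, parses it with `ast`, and checks whether formatting the string with itself rebuilds the source, which is why every nested exec runs identical code and none of the layers calls fork. The names `inspect_payload`, `call_names` and `DYNAMIC_EXEC` are hypothetical, and the fork check only sees direct calls by name.

```python
import ast
import base64

# Payload copied from the quoted message; it is decoded and parsed here, never executed.
BLOB = b"eD0neD0lcjsgZXhlYyh4JSV4KSc7IGV4ZWMoeCV4KQ=="
DYNAMIC_EXEC = {"exec", "eval", "compile", "__import__"}


def call_names(tree):
    """Names of everything called in the AST (f(...) -> 'f', m.f(...) -> 'f')."""
    names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            if isinstance(node.func, ast.Name):
                names.add(node.func.id)
            elif isinstance(node.func, ast.Attribute):
                names.add(node.func.attr)
    return names


def inspect_payload(blob):
    """Statically describe a base64-wrapped Python snippet without running it."""
    source = base64.b64decode(blob).decode("utf-8")
    tree = ast.parse(source)
    called = call_names(tree)
    # Top-level string literals assigned to a name, e.g. x = '...'.
    templates = [
        node.value.value
        for node in tree.body
        if isinstance(node, ast.Assign)
        and isinstance(node.value, ast.Constant)
        and isinstance(node.value.value, str)
    ]
    # Quine check via plain %-formatting (no payload code runs): template % template == source?
    self_reproducing = False
    for template in templates:
        try:
            self_reproducing |= (template % template == source)
        except (TypeError, ValueError):
            pass  # not a one-argument format string
    return {
        "source": source,
        "dynamic_calls": sorted(called & DYNAMIC_EXEC),
        "calls_fork": "fork" in called,  # heuristic: direct calls by name only
        "self_reproducing": self_reproducing,
    }
```

Calling `inspect_payload(BLOB)` reports one dynamic call (`exec`), no fork call, and a self-reproducing template.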


