Untrusted code execution

Jon Ribbens jon+usenet at unequivocal.co.uk
Tue Apr 5 14:50:59 EDT 2016


On 2016-04-05, Chris Angelico <rosuav at gmail.com> wrote:
> On Wed, Apr 6, 2016 at 3:26 AM, Jon Ribbens
> <jon+usenet at unequivocal.co.uk> wrote:
>> The received wisdom is that restricted code execution in Python is
>> an insolubly hard problem, but it looks a bit like my 7-line example
>> above disproves this theory, provided you choose carefully what you
>> provide in your restricted __builtins__ - but people who know more
>> than me about Python seem to have thought about this problem for
>> longer than I have and come up with the opposite conclusion so I'm
>> curious what I'm missing.
>
> No, it doesn't disprove anything. All you've shown is "here's a piece
> of code that hasn't yet been compromised". :)

Yes, obviously. I wasn't asking for pedantry.

> Your code is a *lot* safer for using 'eval' rather than 'exec'.
> Otherwise, you'd be easily exploited using exceptions, which carry a
> ton of info.

... but all in attributes that don't start with "_", as far as I can see.

I think a very similar approach would work with 'exec' too, just you
would obviously have to disallow ast.Import and ast.ImportFrom.

> But even so, I would not bet money (much less the security of my
> systems) on this being safe.

I wasn't planning on betting any money ;-)
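
The kind of filter discussed in this thread, as an added sketch (not the 7-line example Jon refers to, which does not appear in this message): it walks the AST, rejects names and attributes starting with "_" as well as `ast.Import`/`ast.ImportFrom`, and evaluates with a reduced `__builtins__`. The `SAFE_BUILTINS` allow-list and the function names are assumptions; passing the filter does not settle whether the approach is safe, which is the open question above.

```python
import ast

# Assumed allow-list; the thread does not say which builtins were exposed.
SAFE_BUILTINS = {"abs": abs, "len": len, "max": max, "min": min, "sum": sum}


def violations(source, mode="eval"):
    """Return reasons the filter rejects `source`; an empty list means accepted."""
    try:
        tree = ast.parse(source, mode=mode)
    except SyntaxError as exc:
        return ["syntax error: %s" % exc.msg]
    found = []
    for node in ast.walk(tree):
        # Only relevant in 'exec' mode; 'eval' mode cannot parse statements.
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            found.append("import statement")
        elif isinstance(node, ast.Name) and node.id.startswith("_"):
            found.append("name %r" % node.id)
        elif isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            found.append("attribute %r" % node.attr)
    return found


def restricted_eval(source, variables=None):
    """Evaluate one expression if the AST filter accepts it."""
    problems = violations(source, "eval")
    if problems:
        raise ValueError("rejected: " + ", ".join(problems))
    scope = dict(variables or {})
    # Replace the default builtins with the allow-list only.
    scope["__builtins__"] = dict(SAFE_BUILTINS)
    code = compile(ast.parse(source, mode="eval"), "<restricted>", "eval")
    return eval(code, scope)
```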


