Untrusted code execution

Chris Angelico rosuav at gmail.com
Wed Apr 6 22:07:31 EDT 2016


On Thu, Apr 7, 2016 at 11:45 AM, Steven D'Aprano <steve at pearwood.info> wrote:
> And you would have to do something about the unfortunate matter that modules
> have a reference to the unrestricted __builtins__:
>
> py> os.__builtins__['eval']
> <built-in function eval>

This *in itself* is blocked by the rule against leading-underscore
attribute lookup. However, if you can get the sys module, the world's
your oyster; and any other module that imports sys will give it to
you:

>>> import os
>>> import codecs
>>> os.sys
<module 'sys' (built-in)>
>>> codecs.sys
<module 'sys' (built-in)>

Can't monkey-patch that away, and codecs.sys.modules["builtins"] will
give you access to the original builtins. And you can go to any number
of levels, tracing a chain from a white-listed module to the
unrestricted sys.modules. The only modules that would be safe to
whitelist are those that either don't import anything significant (I'm
pretty sure 'math' is safe), or import everything with underscores
("import sys as _sys").

ChrisA
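The whitelist test described above (a module is only safe to expose if none of its public attributes hand out another module, and in particular no chain of public attributes leads to `sys`) can be automated. The script below is an added example written for this archive page, not code from the thread or from CPython; the function names `public_module_leaks`, `path_to_sys` and `audit_whitelist` are my own. It does the audit from the outside: it walks only non-underscore attributes, exactly the lookups the sandbox rule in the thread still allows, and reports the shortest attribute chain that reaches `sys`.

```python
"""Audit candidate whitelist modules for public attributes that leak other
modules, and for attribute chains that reach the `sys` module.

Added example (not from the mailing-list thread). Run it directly to see
the report for a few stdlib modules; the functions are importable too.
"""
import importlib
import sys
import types


def _module_attrs(module):
    """Yield (name, value) for every public attribute of `module` that is
    itself a module object. Leading-underscore names are skipped because
    the sandbox discussed in the thread already blocks those lookups."""
    for name in dir(module):
        if name.startswith("_"):
            continue
        try:
            value = getattr(module, name)
        except Exception:  # lazily-resolved attributes may raise
            continue
        if isinstance(value, types.ModuleType):
            yield name, value


def public_module_leaks(module_name):
    """Sorted names of public attributes of the named module that are
    modules. An empty list means the module hands out no other module."""
    module = importlib.import_module(module_name)
    return sorted(name for name, _ in _module_attrs(module))


def path_to_sys(module_name, max_depth=4):
    """Breadth-first search for the shortest chain of public attribute
    names from the named module to `sys`. Returns a list of attribute
    names (e.g. ['sys'] for os.sys) or None if no chain of length
    <= max_depth exists. Modules are visited once, so the first hit is
    the shortest chain."""
    start = importlib.import_module(module_name)
    queue = [(start, [])]
    seen = {id(start)}
    while queue:
        current, path = queue.pop(0)
        if current is sys:
            return path
        if len(path) >= max_depth:
            continue
        for name, child in _module_attrs(current):
            if id(child) in seen:
                continue
            seen.add(id(child))
            queue.append((child, path + [name]))
    return None


def audit_whitelist(module_names, max_depth=4):
    """Map each candidate module name to the attribute chain that reaches
    `sys` (or None if the module looks safe under this test)."""
    return {name: path_to_sys(name, max_depth) for name in module_names}


if __name__ == "__main__":
    # Constructed candidate whitelist; 'math' is the one the thread calls safe.
    for name, chain in audit_whitelist(["math", "os", "codecs"]).items():
        if chain is None:
            print(f"{name}: no public chain to sys found")
        else:
            print(f"{name}: reaches sys via {name}.{'.'.join(chain)}")
```

A result of `None` only means this particular test found nothing: the audit covers attribute chains made of module objects, not functions or classes whose globals or closures reference `sys`, so it is a quick first filter for a whitelist rather than proof of safety.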
