Untrusted code execution
Jon Ribbens
jon+usenet at unequivocal.co.uk
Sun Apr 10 13:06:49 EDT 2016
On 2016-04-07, Jon Ribbens <jon+usenet at unequivocal.co.uk> wrote:
> I've put an example script here:
>
> https://github.com/jribbens/unsafe/blob/master/unsafe.py
>
> When run as a script, it will execute whatever Python code you pass it
> on stdin.
>
> If anyone can break it (by which I mean escape from the sandbox,
> not make it use up all the memory or go into an infinite loop,
> both of which are trivial) then I would be very interested.
I've updated the script a bit, to fix a couple of bugs, to add back in
'with' and 'import' (of white-listed modules) and to add a REPL mode
which makes experimenting inside the sandbox easier. I'm still
interested to see if anyone can find a way out of it ;-)
More information about the Python-list
mailing list