[Python-checkins] r51896 - python/branches/bcannon-objcap/Lib/test/security python/branches/bcannon-objcap/Lib/test/security/evil__del__.py

brett.cannon python-checkins at python.org
Sat Sep 16 06:00:43 CEST 2006 

Author: brett.cannon
Date: Sat Sep 16 06:00:41 2006
New Revision: 51896

Added:
   python/branches/bcannon-objcap/Lib/test/security/
   python/branches/bcannon-objcap/Lib/test/security/evil__del__.py   (contents, props changed)
Log:
Add a test directory that contains proof-of-concept security breach attempts.
These scripts should obviously not succeed (if they do then security is
broken).  Basically any possible way that security could be circumvented should
be put in here as a at-large test.

Obviously, at some point, a more structured test for each worry should be
developed, but this works for now and allows people to add more ways they think
people might try to circumvent security.


Added: python/branches/bcannon-objcap/Lib/test/security/evil__del__.py
==============================================================================
--- (empty file)
+++ python/branches/bcannon-objcap/Lib/test/security/evil__del__.py	Sat Sep 16 06:00:41 2006
@@ -0,0 +1,64 @@
+evil_str = r"""
+import __builtin__
+import sys
+
+class Evil(object):
+
+    builtin = __builtin__.__dict__
+    stdout = sys.stdout
+    NameError = NameError
+    BaseException = BaseException
+
+    def __init__(self, num):
+        self.num = num
+
+    def __del__(self):
+        if 'open' in self.builtin:
+            self.stdout.write('(%s) First Evil!\n' % self.num)
+        else:
+            self.stdout.write("(%s) First Good!\n" % self.num)
+        self.stdout.flush()
+
+        try:
+            temp = open
+        except self.NameError:
+            self.stdout.write("(%s) Second Good!\n" % self.num)
+        except self.BaseException, exc:
+            self.stdout.write("Unexpected exception: %r\n" % exc)
+        else:
+            self.stdout.write("(%s) Second Evil!\n" % self.num)
+        finally:
+            self.stdout.flush()
+
+# Deletion in own scope.
+Evil(0)
+
+# Cleanup of interpreter.
+__builtin__.__dict__['evil1'] = Evil(1)
+# Explicitly deleted in calling interpreter.
+__builtin__.__dict__['evil2'] = Evil(2)
+# Implicit deletion during teardown of calling interpreter.
+__builtin__.__dict__['evil3'] = Evil(3)
+"""
+
+import interpreter
+import __builtin__
+
+
+interp = interpreter.Interpreter()
+print 'Same builtins?:', ('no' if id(__builtin__.__dict__) !=
+                            id(interp.builtins) else 'yes')
+del interp.builtins['open']
+print 'Running interpreter ...'
+interp.execute(evil_str)
+
+evil2 = interp.builtins['evil2']
+evil3 = interp.builtins['evil3']
+
+print 'Deleting interpreter ...'
+del interp
+
+print 'Explicitly deleting locally ...'
+del evil2
+
+print 'Implicit deletion locally from interpreter teardown ...'

More information about the Python-checkins mailing list