[Python-Dev] Challenge: Please break this! (was: Reviving restricted mode)

Hey all,

As an attempt to convince everyone of the merits of my functions-based approach to security, I've come up with a simple challenge. I've attached it as safelite.py

The challenge is simple:

* Open a fresh Python interpreter
* Do: >>> from safelite import FileReader
* You can use FileReader to read files on your filesystem
* Now find a way to *write* to the filesystem from your interpreter

Please note that the aim of this isn't to protect Python against crashes/segfaults or exhaustion of resources attacks, so those don't count.

I'm keen to know your experiences even if you don't manage to write to the filesystem -- and especially if you do!

Dinner and drinks on me for an evening -- when you are next in London or I am in your town -- to the first person who manages to break safelite.py and write to the filesystem.

Good luck and thanks! =)

> If you block __closure__ and __globals__ on function objects you will get a
> semblance of a private namespace. That way you might (I have not thought
> this one through like securing the interpreter for embedding) be able to get
> what you need to safely pass in Python code through the globals of the code
> being executed.

Brett, this is exactly what I do. You also need to restrict func_code.

The patch is simply for closing the other loopholes: type.__subclasses__, GeneratorType.gi_frame and gi_code. All possible in a patch of 6 lines of code thanks to Python's existing restricted framework in the interpreter.

Please review and accept =)

* http://codereview.appspot.com/20051
* http://codereview.appspot.com/21051

Thanks!

-- 
love, tav

plex:espians/tav | tav at espians.com | +44 (0) 7809 569 369
http://tav.espians.com | @tav | skype:tavespian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: safelite.py
Type: text/x-python-script
Size: 5993 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-dev/attachments/20090223/4f9feece/attachment.bin>
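The message above says a functions-based sandbox only holds if __closure__, __globals__ and func_code are blocked on function objects, and that type.__subclasses__ is one of the remaining loopholes. The following is an added example (editor's code, not safelite.py, which is not reproduced on this page) showing concretely what each of those attributes hands back when a read-only capability is implemented as a closure. The reader (make_reader) is a hypothetical stand-in for the shape of such a FileReader, the helper names are the editor's own, attribute names use the Python 3 spellings (__code__ for func_code), and everything is written inside a temporary directory so the script touches nothing else. It does not claim anything about safelite.py itself.

```python
"""Why __closure__, __globals__, __code__ and type.__subclasses__ matter for a
functions-based sandbox. Toy illustration; not safelite.py."""
import io
import os
import tempfile


def make_reader(root):
    """Capability-style reader: callers receive only read_file, never open().
    Hypothetical stand-in for the shape of a FileReader, not safelite's code."""
    _open = open                      # the builtin is captured in a closure cell

    def read_file(relpath):
        with _open(os.path.join(root, relpath), "r", encoding="utf-8") as fh:
            return fh.read()

    return read_file


def closure_contents(func):
    """Map each free variable name to the object in its closure cell.
    This is the __closure__ hole: the captured open() comes straight back out."""
    cells = func.__closure__ or ()
    return dict(zip(func.__code__.co_freevars, (c.cell_contents for c in cells)))


def global_lookup(func, name):
    """Reach the defining module's namespace through __globals__."""
    return func.__globals__.get(name)


def code_names(func):
    """Global and attribute names the compiled body references (__code__, the
    Python 3 spelling of func_code)."""
    return func.__code__.co_names


def find_subclasses(name, base=object):
    """Walk type.__subclasses__ from `base` and return every class called `name`.
    Needs no name binding at all, which is why the message lists it as a loophole."""
    found, seen, stack = [], set(), [base]
    while stack:
        cls = stack.pop()
        if id(cls) in seen:
            continue
        seen.add(id(cls))
        if cls.__name__ == name:
            found.append(cls)
        stack.extend(type.__subclasses__(cls))
    return found


def demo():
    """Build a reader, then obtain write access through each introspection hole."""
    with tempfile.TemporaryDirectory() as root:
        # constructed sample file, written before the sandboxed reader exists
        with open(os.path.join(root, "secret.txt"), "w", encoding="utf-8") as fh:
            fh.write("readable\n")
        reader = make_reader(root)
        out = {"read": reader("secret.txt")}

        # 1. __closure__: pull the captured builtin back out and write with it.
        leaked_open = closure_contents(reader)["_open"]
        out["closure_is_open"] = leaked_open is open
        path = os.path.join(root, "via_closure.txt")
        with leaked_open(path, "w", encoding="utf-8") as fh:
            fh.write("written via __closure__\n")
        out["via_closure"] = reader("via_closure.txt")

        # 2. __globals__ / __code__: the reader's module imported os, and the
        #    compiled body names it, so os (and everything it offers) is reachable.
        out["globals_os"] = global_lookup(reader, "os") is os
        out["code_mentions_os"] = "os" in code_names(reader)

        # 3. type.__subclasses__: locate FileIO and write with it, no import needed.
        fileio = [c for c in find_subclasses("FileIO") if c is io.FileIO][0]
        with fileio(os.path.join(root, "via_subclasses.txt"), "w") as fh:
            fh.write(b"written via __subclasses__\n")
        out["via_subclasses"] = reader("via_subclasses.txt")
        return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Each of the three routes ends in a successful write even though the only object handed to the "sandboxed" caller was read_file, which is exactly why the message treats blocking those attributes as a precondition rather than a refinement; the example stops at demonstrating the attributes themselves and says nothing about whether safelite.py's own restrictions were sufficient.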