--- On Thu, 4/29/10, Charles Wardlaw <cward...@marchentertainment.com> wrote:

> So you're telling me I can't modify sys.path to remove the
> standard Python libraries?

File access is part of builtins, you can remove that.
Even if you try, there are a million sneaky ways to get it back, like the 
following:

[t for t in type(1).__class__.__base__.__subclasses__() if hasattr(t, 
"write")][0]("/path/to/file", "w").write("my payload")

> I'm not talking about a
> safe and secure sandboxed VM-- I mean literally remove the
> functionality.  It's just a zip file or a folder or
> whatever, and there's no reason you can't block access to os
> and sys by not letting the interpreter see them.

os and sys are not required for file access.

Moreover, depending on the platform, they can be built into the interpreter 
(not external modules).

> The other option is code introspection-- It's simple enough
> to read through text and see what's imported before it's
> even fed to the interpreter.  There's no reason that
> autoloaded scripts couldn't be inspected at file open for
> dangerous items.

Good luck with that.

Even with an import hook, it's possible to go around such a measure.

> I say leave up a message on the download page or put it in
> the installer that Python is not secure and that by running
> Blender people may be opening themselves up to attack, or
> pop up a message if being run interactively.  Not that
> I've ever heard of such attacks on users of embedded
> Python.

Sometimes it's not malicious. It could just be a poorly written script that 
craps files all over your HD if not run in a certain way.

Martin


_______________________________________________
Bf-committers mailing list
Bf-committers@blender.org
http://lists.blender.org/mailman/listinfo/bf-committers
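
The import-scanning proposal quoted above, checked against the one-liner from this message, as an added example that is not part of the original thread. It uses Python 3's `ast` module; the function names, the sample scripts and the attribute list are assumptions made for this illustration, and the scripts are only parsed, never executed.

```python
import ast

# Constructed sample input (not from the thread): a script that imports os.
IMPORTING_SCRIPT = "import os\nos.remove('/tmp/x')\n"
# The one-liner quoted in the message, held as source text only.
NO_IMPORT_SCRIPT = (
    '[t for t in type(1).__class__.__base__.__subclasses__() '
    'if hasattr(t, "write")][0]("/path/to/file", "w").write("my payload")\n'
)

# Attribute names that walk the type hierarchy (heuristic list, assumed here).
INTROSPECTION_ATTRS = {"__class__", "__base__", "__bases__", "__mro__",
                       "__subclasses__", "__globals__", "__builtins__"}


def imported_modules(source):
    """Return the top-level module names found in import statements."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            found.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            found.add(node.module.split(".")[0])
    return found


def introspection_findings(source):
    """Return sorted (line, attribute) pairs for type-hierarchy access."""
    hits = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Attribute) and node.attr in INTROSPECTION_ATTRS:
            hits.add((node.lineno, node.attr))
    return sorted(hits)


def review(source):
    """Summarise what each of the two checks sees in one script."""
    return {"imports": sorted(imported_modules(source)),
            "introspection": [attr for _, attr in introspection_findings(source)]}


if __name__ == "__main__":
    for name, src in (("importing", IMPORTING_SCRIPT),
                      ("no-import", NO_IMPORT_SCRIPT)):
        print(name, review(src))
```

The import scan reports nothing for the one-liner, while the attribute check flags it for review. The attribute list is a triage heuristic for script review, not a containment boundary.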
