On Mon, Feb 23, 2009 at 3:16 PM, "Martin v. Löwis" <mar...@v.loewis.de> wrote: >> Don't I remember the previous restricted module dying a similar "death >> of 1,000 cuts" before it was concluded to be unsafe at any height and >> abandoned? > > I think you are slightly misremembering. It got cut again and again, > but never died. Then, new-style classes hit an artery, and it bled > to death. > > I'm curious how this one fares.
FWIW, I am remembering more about how Samuele cracked it. It had to do with getting the supervisor code to call one of its own functions with arguments provided by the sandboxed code. Tav's safelite.py doesn't seem to be directly exploitable that way because (using ctypes hacks) it *removes* some offending special methods. But that door would be at least slightly ajar with Tar's proposed patch to Python, as that doesn't remove the offending attributes (__subclasses__ etc.); it only forbids them in restricted mode. But this once again enables Samuele's hack. (Oh if I only could find the link with the actual attack -- it was quite a bit more devious than attacks linked to so far.) -- --Guido van Rossum (home page: http://www.python.org/~guido/) _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
