Hey Andrew & Victor,

tav> But the challenge was about doing `from safelite import FileReader`.

Andrew> Though it doesn't say so on the first post on this thread
Andrew> nor your page at
Andrew> http://tav.espians.com/a-challenge-to-break-python-security.html

Sorry, perhaps I should have clearly instructed NOT to do `import safelite`. I thought the following text would have been clear enough:

    Open a fresh Python interpreter and do:

    >>> from safelite import FileReader

But I can see how that might not have been enough. I'll amend the second line to:

    >>> from safelite import FileReader # AND NOT ``import safelite``

Would that be clearer?

Andrew> I haven't been watching this discussion closely
Andrew> and I can't find mention of this

Sorry, the discussion has been meandering. It started on:

* http://code.google.com/p/googleappengine/issues/detail?id=671

Then went onto:

* http://codereview.appspot.com/21043/show

And finally ended up here on Python-Dev to get approval for the patch. And in the process of getting the approval, the safelite challenge started...

Andrew> is the goal to support only 2.x or also support
Andrew> Python 3? Your model seems to assume 2.x
Andrew> only, and there may be 3.x attacks that aren't
Andrew> considered in the challenge.

The model is suited for both 2.x and 3.x. The safelite test on the other hand is targeted at 2.x (starting from 2.5). You have a point with regards to there being 3.x attacks out there. Perhaps we can get a 3.x compatible version of safelite out?

tav> And instead of trying to make tb_frame go away, I'd like
tav> to add the following to my proposed patch of
tav> RESTRICTED attributes

[snip]

Andrew> which of course would make the above no longer work.

The challenge helped identify those attributes. And will hopefully identify any other "leak" attributes which may still be there.

Andrew> A goal is to use this in App Engine, yes?

Yes.

Andrew> Which uses cgitb to report errors? Which needs these
Andrew> restricted frame attributes to report the values of
Andrew> variables when the error occurred?

The frame attributes will still be accessible by cgitb. Python's existing IsRestricted framework in the interpreter will take care of that. It's genius!!

Victor> We should be able to restore the original environment.
Victor> Example:
Victor>     jail(evil_func) # called in the jail
Victor>     # unsafe environment with __subclasses__, f_code, etc.

Hmz, Python's IsRestricted already enables this.

I think it's time that I wrote some documentation that Martin wanted explaining Python's already existing IsRestricted support. Besides a few lines here and there, there seems to be no comprehensive documentation on this that I can find anywhere. And I think this may be the cause of much confusion?

Would that help?

--
love, tav

plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http://tav.espians.com | http://twitter.com/tav | skype:tavespian