Guido van Rossum wrote:
On Mon, Feb 23, 2009 at 3:16 PM, "Martin v. Löwis" <mar...@v.loewis.de> wrote:
Don't I remember the previous restricted module dying a similar "death
of 1,000 cuts" before it was concluded to be unsafe at any height and
abandoned?
I think you are slightly misremembering. It got cut again and again,
but never died. Then, new-style classes hit an artery, and it bled
to death.
I'm curious how this one fares.
FWIW, I am remembering more about how Samuele cracked it. It had to do
with getting the supervisor code to call one of its own functions with
arguments provided by the sandboxed code. Tav's safelite.py doesn't
seem to be directly exploitable that way because (using ctypes hacks)
it *removes* some offending special methods. But that door would be at
least slightly ajar with Tar's proposed patch to Python, as that
doesn't remove the offending attributes (__subclasses__ etc.); it only
forbids them in restricted mode. But this once again enables Samuele's
hack. (Oh if I only could find the link with the actual attack -- it
was quite a bit more devious than attacks linked to so far.)
http://mail.python.org/pipermail/python-dev/2003-March/033978.html
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
