Hi,
Le 03/03/2012 20:13, Armin Rigo a écrit :
I challenge anymore to break pysandbox! I would be happy if anyone
breaks it because it would make it more stronger.
I tried to run the files from Lib/test/crashers and --- kind of
obviously --- I found at least two of them that still segfaults
execfile.py, sometimes with minor edits and sometimes directly, on
CPython 2.7.
As described in the README file of pysandbox, pysandbox doesn't protect
against vulnerabilities or bugs in Python.
As usual, I don't see the point of "challenging" us when we have
crashers already documented. Also, it's not like Lib/test/crashers
contains in detail *all* crashers that exist; some of them are of the
kind "there is a general issue with xxx, here is an example".
If you are not concerned about segfaults but only real attacks, then
fine, I will not spend the hours necessary to turn the segfault into a
real attack :-)
You may be able to exploit crashers, but I don't plan to workaround such
CPython bug in pysandbox.
I'm looking for vulnerabilities in pysandbox, not in CPython.
Victor
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
