> [('recId', 3), ('parse', {'pos': u'np', 'gen': u'm'})]
> [('recId', 5), ('parse', {'pos': u'np', 'gen': u'm'})]
> # line injected by a malicious user
> "__import__('os').system('echo if I were bad I could do worse')"
> [('recId', 7 ), ('parse', {'pos': u'np', 'gen': u'm'})]
I'm curious, if you disabled import, could you make eval safe? For example:

>>> eval("__import__('os').system('echo if I were bad I could do worse')")
if I were bad I could do worse
0
>>> eval("__import__('os').system('echo if I were bad I could do worse')",
...      {'__import__': lambda x:None})
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "<string>", line 0, in ?
AttributeError: 'NoneType' object has no attribute 'system'

So, it seems to be possible to disable access to imports, but is this enough? Are there other ways to access modules, or do damage via built-in commands?

It seems that there must be a way to use eval safely, as there are plenty of apps that embed python as a scripting language - and what's the point of an eval function if impossible to use safely, and you have to write your own Python parser!!

-- 
http://mail.python.org/mailman/listinfo/python-list
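An added example, not code from the original message or from any reply in the thread, that checks the question asked above on Python 3. It shows three things: the shadowed `__import__` does fail the direct call, but eval() silently puts the real `__builtins__` back into the globals dict; emptying `__builtins__` still leaves an escape through the object graph (from `()` to `object.__subclasses__()` to the `__globals__` of a pure-Python `__init__`, which is a module namespace carrying the real builtins dict); and the poster's records are plain literals, which `ast.literal_eval` parses while refusing any call or attribute access. The function names are mine; `os._wrap_close` is a CPython internal helper class used here only as a convenient hop, and the sample record and injected line are constructed from the quoted data.

```python
# Added example (Python 3), not from the original thread.  Helper names are
# hypothetical; os._wrap_close is a CPython internal used only as an example hop.
import ast
import os

# The idea from the post: a globals dict whose __import__ does nothing.
BLOCKED_IMPORT = {'__import__': lambda *args, **kwargs: None}


def direct_import_is_blocked():
    """The expression from the post fails exactly as it did there."""
    try:
        eval("__import__('os').system('echo if I were bad I could do worse')",
             dict(BLOCKED_IMPORT))
    except AttributeError:   # 'NoneType' object has no attribute 'system'
        return True
    return False


def builtins_are_still_there():
    """eval() inserts the real __builtins__ into any globals dict that lacks it,
    so every builtin other than the one shadowed name stays reachable."""
    g = dict(BLOCKED_IMPORT)
    unblocked_open = eval("open", g)        # resolves through the inserted builtins
    return unblocked_open is open and '__builtins__' in g


def escape_without_builtins():
    """Even with __builtins__ emptied, a tuple literal leads to object,
    object.__subclasses__() lists every loaded class, and the __globals__ of a
    pure-Python __init__ is that module's namespace, which carries the real
    builtins dict and therefore the real __import__.  Returns os.getpid()
    obtained entirely from inside the 'sandbox'."""
    payload = (
        "[c for c in ().__class__.__base__.__subclasses__()"
        " if c.__name__ == '_wrap_close'][0]"           # os._wrap_close (CPython)
        ".__init__.__globals__['__builtins__']['__import__']('os').getpid()"
    )
    return eval(payload, {'__builtins__': {}})


def parse_record(line):
    """What the poster's data actually needs: ast.literal_eval accepts only
    literal syntax (strings, numbers, tuples, lists, dicts, ...) and raises
    ValueError on calls, names and attribute access instead of running them."""
    return ast.literal_eval(line)


def is_literal_data(line):
    """True when the line is pure literal data, False when literal_eval refuses it."""
    try:
        ast.literal_eval(line)
    except (ValueError, SyntaxError):
        return False
    return True


if __name__ == "__main__":
    # Constructed from the quoted data above.
    record = "[('recId', 3), ('parse', {'pos': u'np', 'gen': u'm'})]"
    injected = "__import__('os').system('echo if I were bad I could do worse')"
    print("direct import blocked:", direct_import_is_blocked())
    print("builtins still there: ", builtins_are_still_there())
    print("escaped, pid matches: ", escape_without_builtins() == os.getpid())
    print("record parses:        ", parse_record(record))
    print("injected accepted:    ", is_literal_data(injected))
```

The takeaway for the question asked: blocking one name is a denylist over an object graph that exposes everything, so eval() with untrusted input cannot be made safe by trimming globals. Where the input is data, use `ast.literal_eval`; where it must be code, run it in a separate process with OS-level restrictions rather than inside the interpreter.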