Phil Hassey wrote:
My current biggest concern is the _BUILTIN_OK list. If you look below
it, I have a copy of the same from Zope. They don't include some items
that I do include - such as filter and slice and object. Anyone
know if those functions can be used for naughty activities? Or why
Quick update here:
- I've moved this code into a svn repository:
svn://www.imitationpickles.org/pysafe/trunk
I've stripped the tests and notes and other misc. junk out of safe.py and put
them in separate files so that safe.py is nice and small and easy to look at.
Since my initial mention
Phil Hassey wrote:
Hey,
I've updated the script with some more tests and other goodies.
The following program executes code outside safe_eval.
from safe import safe_eval
TestCode =
def delmethod(self):
print 'I am out.'
foo=type('Foo', (object,), {'_' + '_del_' + '_':delmethod})()
P.S. - if anyone has any theoretical ideas on how they could break safe.py, but
can't be bothered to try to do it themselves, please post them. I'll give it a
shot.
One theoretical one I have is doing something like:
d = {}
v = some_bad_value_that_when_printed_executes_something ?!
v2 = d[v]
Greg,
Thanks for giving it a try :)
I'll add in the name safe_exec, since that makes sense :)
As for disallowing __ string literals - this is because in my search of the
parse tree, I use a simple, yet exhaustive search of all attributes for
anything that looks bad. Having it customized for
Lenard Lindstrom wrote:
I can't find any way to exploit this loophole though. But maybe the
__del__ method could be used to exhaust memory in an infinitely
recursive way.
You can do that from inside safe_eval anyway, so I don't
think that's an additional problem.
--
Greg
Greg Ewing wrote:
Lenard Lindstrom wrote:
I can't find any way to exploit this loophole though. But maybe the
__del__ method could be used to exhaust memory in an infinitely
recursive way.
You can do that from inside safe_eval anyway, so I don't
think that's an additional problem.
My
Phil Hassey wrote:
What in particular did
you have to change to make it work with python 2.3?
I'm not sure why, but when I run it, in _builtins_destroy,
__builtins__ turns out to be a dict, not a module, so
instead of
for k in __builtins__.__dict__.keys():
I need to just do
for k in
Yeah I read that warning in the source :) This is a difficult issue that
many have tried to conquer and failed before, but it's worth looking at
again I think. I'll try to integrate your script in my silly hacking game
and produce some working scripts for you, although the way I load the
Phil Hassey wrote:
I spent some time today working on building a safe_eval function that
would make it safe to run user submitted bots in games
Does it need any particular version of Python? When
I run it using the following (in 2.3 or 2.4):
#--
import
Phil Hassey wrote:
Anyway, feel free to poke around the code. I think a working safe_eval
would be a huge asset for games developed in python that want to have
user submitted mods / bots.
if submissions are handled manually, i guess reviewing might be possible too,
but certainly there are
Hey,
I've updated the script with some more tests and other goodies.
http://www.imitationpickles.org/tmp/safe.py
Regarding the stuff you mentioned - yah, it'll be interesting to see where PyPy
goes. As for embeding another language in Galcon - I did consider embedding
lua - it's pretty
Phil Hassey wrote:
Hey,
I've updated the script with some more tests and other goodies.
http://www.imitationpickles.org/tmp/safe.py
Regarding the stuff you mentioned - yah, it'll be interesting to see
where PyPy goes. As for embeding another language in Galcon - I did
consider embedding
Hey,
I spent some time today working on building a safe_eval function that would
make it safe to run user submitted bots in games (Galcon, being that game ;)
http://www.imitationpickles.org/tmp/safe.py
The file includes links to a number of references on the topic, and why likely
this won't
Excellent work Phil, a subject close to my own heart/brain.
Jon
Quoting Phil Hassey [EMAIL PROTECTED]:
Hey,
I spent some time today working on building a safe_eval function that would
make it safe to run user submitted bots in games (Galcon, being that game
;)
Sounds cool, and this is an important problem domain for python, even beyond
gaming. I've been needing this for similar reasons, and the hacks I've been
using are pretty flimsy.
re.sub(script,'import','_no_imports_') FTW
Hey,
Mind though - the reason I posted is because I have serious doubts as to the
security of this module. Even since the post I've found several bugs and
things to change to make it better. Hence the intro to safe.py:
This file is public domain and is not suited for any serious purpose.
17 matches
Mail list logo