> I don't want to introduce insecurity.  But also I want to really
> understand what the problem is -- especially because I teach python.

Hi Marilyn,


Here is an example of a string that can cause a StackOverflow error to
happen:

###
s = "(lambda loop: loop(loop)) (lambda self: self(self))"
eval(s)
###

The string 's' here looks funky, but in effect, its definition is an
infinite loop in heavy lambda disguise.  (Well, it would have been
infinite if Python had tail call optimization... *grin*)


The problem about eval() is that it's deceptively powerful: a single
expression in a language might seem like a small thing.  But as soon as we
allow someone the ability to evaluate a single arbitrary expression, we've
basically given them the ability to do practically anything in Python.
eval() is THAT POWERFUL.


Here's another example:

###
def myint(x):
    """Makes an integer out of x."""
    return eval(x)

print myint("41") + 1
# eval() runs the embedded os.system() call as a side effect before
# returning; the caller's string, not our code, decides what gets run.
print myint("42 and __import__('os').system('tail /etc/passwd')")
###



> And I can't see the security problem, unless there's a security problem
> already, like if I allowed incoming email to dictate the parameters that
> I send through the socket.  The email provides data for argv[1:] but
> argv[0] is hard-coded.

The problem is one of capability.  At worst, a function like:

###
import sys

def myint(x):
    return int(x)

if __name__ == '__main__':
    print myint(sys.argv[1]) + 1
###

can raise an exception if given weird command line arguments, but it at
least doesn't give the caller the ability to run an arbitrary shell
command.  Contrast this situation to the version of myint() that uses
eval().


Does this make sense?  Please ask more questions on this if you have any:
using eval() is almost certainly not a good idea unless you really know
what you're doing.

_______________________________________________
Tutor maillist  -  [EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/tutor
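As an added example (not part of the original post), here is a Python 3 version of the int()-based myint() alongside ast.literal_eval, a standard-library alternative the post does not mention. It feeds both the post's sample strings and shows that neither parser will execute the embedded __import__ call or the recursive lambda; the sample inputs are constructed for this demonstration.

```python
import ast


def safe_int(text):
    """Parse an integer the way the post's int()-based myint() does,
    but report bad input instead of raising. Returns (ok, value_or_error)."""
    try:
        return True, int(text.strip())
    except ValueError as exc:
        return False, str(exc)


def literal_only(text):
    """Evaluate only Python literals (numbers, strings, lists, dicts, ...).
    ast.literal_eval refuses names, calls and attribute access, so the
    __import__ trick from the post is rejected rather than run."""
    try:
        return True, ast.literal_eval(text.strip())
    except (ValueError, SyntaxError) as exc:
        return False, type(exc).__name__


# Constructed sample inputs, modelled on the strings in the post.
SAMPLES = [
    "41",
    " 42 ",
    "42 and __import__('os')",                              # call: refused
    "(lambda loop: loop(loop))(lambda self: self(self))",   # call: refused
    "[1, 2, 3]",                                            # literal: allowed
]


def classify(samples=SAMPLES):
    """Map each sample to (safe_int result, literal_only result)."""
    return {s: (safe_int(s), literal_only(s)) for s in samples}


if __name__ == "__main__":
    for s, (as_int, as_literal) in classify().items():
        print(repr(s), "int():", as_int, "literal_eval():", as_literal)
```

Both parsers return a failure for the two dangerous strings without evaluating them, which is exactly the capability difference the post describes between int() and eval().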