On Oct 30, 3:50 pm, Aaron Brady <[EMAIL PROTECTED]> wrote: > On Oct 30, 6:35 am, "Emanuele D'Arrigo" <[EMAIL PROTECTED]> wrote: > > > > > I noticed that this issue has been discussed in this newsgroup > > periodically over the years and I seem to understand that - > > comprehensive- safe/restricted execution of untrusted code in python > > is currently quite hard to achieve. > > > What if the safety requirements are a little relaxed though? All I'd > > want to prevent is for the code opening/damaging files, formatting > > drives or similarly catastrophic exploits. I'm not particularly > > concerned if the application freeze or crashes. Nor if the > > application's objects are inspected and exploited. All I want is to > > make sure that if somebody uses my application plus a third party > > plugin for it, the worst that can happen is that they can't use my > > application with that plugin. > > > Is that feasible? > > > Thanks for your help! > > > Manu > > Hi. One opinion is that you could do it with a custom Python > installation, removing or restricting the import statement, removing > or restricting the os module, the file type, etc. Here is some > problematic code: > > >>> cust= (1).__class__.__bases__[0].__subclasses__() > >>> [ x for x in cust if x.__name__== 'file' ] > > [<type 'file'>] > > The foreign code can get to the 'file' type. If you don't have it, > that's not a problem. > > Otherwise, you might be able to remove access to it by modifying > however it is the 'cust' list is obtained. Perhaps you can use the > technique that's used to change the value of integers. Keep us > posted. Does this give you any ideas?
The hackery I was referring to makes a cut into this particular vulnerability. It empties the 'tp_subclasses' field of 'object', but who knows how else one could get to it? from _ctypes import _cast_addr _data_cast= c.PYFUNCTYPE(c.py_object, c.py_object, c.py_object, c.py_object)(_cast_addr) x= _data_cast( object, None, c.c_void_p ) y= _typeobject.from_address( x.value ) y.tp_subclasses= 0 #<--- dirty work done here (embarassed) assert (1).__class__.__bases__[0].__subclasses__()== [] #<--- (!!!) Though, oddly enough, _data_cast( object, None, _typeobject ) doesn't work. -- http://mail.python.org/mailman/listinfo/python-list
