Steven Bethard wrote:
> Duncan Booth wrote:
>> any new style class you have defined and call any of its methods with
>> whatever arguments I wish.
>
> Any new style class that I've defined? Or just any one I pass in as
> part of dict(__builtins__=None, ...)? If the former, could you
> elaborate? If the latter, then yes, I can see the problem. However
> for the case where all you pass in is dict(__builtins__=None), is
> there still a risk? Note that in the OP's case, all that is necessary
> is constant parsing, so no names need to be available.
>
Any new style class you have defined is accessible through
object.__subclasses__(), and as I showed object itself is always
accessible through {}.__class__.__bases__[0].
I'm assuming that the source code for your program is available. That
means I can find the name of an interesting class which has a method
that does something destructive, and call it. e.g. assuming that the
MyDatabase class does something nasty to a file:

>>> class MyDatabase(object):
...     def __init__(self, filename):
...         self.filename = filename
...     def initialise(self):
...         print "Splat %s" % self.filename
...
>>> eval('''[ cls for cls in {}.__class__.__bases__[0].__subclasses__()
...           if 'MyDatabase' in `cls` ][0]('importantfile').initialise()''',
...      dict(__builtins__=None))
Splat importantfile

-- 
http://mail.python.org/mailman/listinfo/python-list
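The escape Duncan demonstrates, reworked as an added Python 3 example; this is not code from the post or from anyone in the thread. The MyDatabase class, its initialise() method (which returns its message instead of printing so the result can be checked), and the helper names unsafe_eval, reachable_class_names, parse_constant and is_constant are all constructed for the demo. The one substantive change from the post is matching on cls.__name__ rather than the backtick repr: backticks are gone in Python 3 and repr() is itself a builtin, so the attacker cannot use it once __builtins__ is None. The ast.literal_eval helpers show the approach for the OP's constants-only case.

```python
import ast


class MyDatabase:
    """Constructed stand-in for the 'interesting class' in the post: a class
    whose method has a side effect an attacker wants to trigger. Here it only
    returns a message so the demo is observable offline."""

    def __init__(self, filename):
        self.filename = filename

    def initialise(self):
        return "Splat %s" % self.filename


# Reaching object without any builtin name: {} is a dict, and dict's only
# base class is object.
OBJECT_PATH = "{}.__class__.__bases__[0]"

# The escape from the post in Python 3 syntax. repr() is a builtin and is
# gone along with everything else, so select the class by __name__ instead.
ESCAPE = (
    "[cls for cls in " + OBJECT_PATH + ".__subclasses__() "
    "if cls.__name__ == 'MyDatabase'][0]('importantfile').initialise()"
)


def unsafe_eval(expr):
    """eval() with builtins removed, as discussed in the thread.
    This is NOT a sandbox: attribute access and calls still work."""
    return eval(expr, {"__builtins__": None})


def reachable_class_names():
    """What an attacker enumerates first: every direct subclass of object
    defined anywhere in the process, obtained with no builtins at all."""
    return unsafe_eval(
        "[cls.__name__ for cls in " + OBJECT_PATH + ".__subclasses__()]"
    )


def parse_constant(expr):
    """The right tool for the OP's case (constants only): ast.literal_eval
    rebuilds the value from the parse tree and rejects any node that is not
    a literal, container or simple constant, so attribute access, subscripts
    on non-literals and calls never execute."""
    return ast.literal_eval(expr)


def is_constant(expr):
    """True if parse_constant() accepts expr, False if it rejects it."""
    try:
        parse_constant(expr)
    except (ValueError, SyntaxError, TypeError):
        return False
    return True


if __name__ == "__main__":
    print("classes reachable with no builtins:", len(reachable_class_names()))
    print("unsafe eval ->", unsafe_eval(ESCAPE))
    print("literal_eval accepts the escape?", is_constant(ESCAPE))
```

Passing {"__builtins__": {}} instead of None changes nothing: the pivot goes through the type graph, not through names, and object.__subclasses__() lists every class the process has loaded, not only the ones handed to eval. For constant parsing, ast.literal_eval removes the problem by construction; for anything richer than constants, the thread's conclusion stands and untrusted input should not reach eval at all.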