On 2016-04-05, Chris Angelico <ros...@gmail.com> wrote:
> On Wed, Apr 6, 2016 at 3:26 AM, Jon Ribbens
> <jon+use...@unequivocal.co.uk> wrote:
>> The received wisdom is that restricted code execution in Python is
>> an insolubly hard problem, but it looks a bit like my 7-line example
>> above disproves this theory, provided you choose carefully what you
>> provide in your restricted __builtins__ - but people who know more
>> than me about Python seem to have thought about this problem for
>> longer than I have and come up with the opposite conclusion so I'm
>> curious what I'm missing.
>
> No, it doesn't disprove anything. All you've shown is "here's a piece
> of code that hasn't yet been compromised". :)

Yes, obviously. I wasn't asking for pedantry.

> Your code is a *lot* safer for using 'eval' rather than 'exec'.
> Otherwise, you'd be easily exploited using exceptions, which carry a
> ton of info.

... but all in attributes that don't start with "_", as far as I can
see. I think a very similar approach would work with 'exec' too, just
you would obviously have to disallow ast.Import and ast.ImportFrom.

> But even so, I would not bet money (much less the security of my
> systems) on this being safe.

I wasn't planning on betting any money ;-)
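
The kind of check discussed in this message, as an added sketch: it is not the 7-line example the message refers to (which is not reproduced here) and not code from either poster. It walks the AST and rejects underscore-prefixed names and attributes, plus ast.Import and ast.ImportFrom, before anything reaches eval with a restricted __builtins__. The function names and the SAFE_BUILTINS allow-list are assumptions, and the sketch only implements the filter; it does not settle the safety question argued in the thread.

```python
import ast

# Assumption: a deliberately small allow-list of builtins for this example.
SAFE_BUILTINS = {"abs": abs, "len": len, "max": max, "min": min, "sum": sum}


def violations(source, mode="eval"):
    """Return sorted (line, reason) pairs for constructs the filter rejects."""
    try:
        tree = ast.parse(source, mode=mode)
    except SyntaxError as exc:
        # In 'eval' mode, statements such as import do not even parse.
        return [(exc.lineno or 0, "syntax error")]
    found = []
    for node in ast.walk(tree):
        line = getattr(node, "lineno", 0)
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            found.append((line, "attribute " + node.attr))
        elif isinstance(node, ast.Name) and node.id.startswith("_"):
            found.append((line, "name " + node.id))
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            found.append((line, "import statement"))
    return sorted(found)


def restricted_eval(expression):
    """Evaluate an expression only if the AST filter reports nothing."""
    problems = violations(expression, "eval")
    if problems:
        raise ValueError("rejected: %r" % (problems,))
    code = compile(expression, "<restricted>", "eval")
    # Only the allow-listed builtins are visible to the evaluated code.
    return eval(code, {"__builtins__": SAFE_BUILTINS}, {})
```

Calling violations(source, "exec") applies the same filter to statement code, which is where the two import node types matter.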