Robert,

Can I use your technique above to input this string?  The "[5]*3"
gives me a problem

L1="[3,10,15,23,25,30,3,[5]*3]"


On Sep 10, 1:56 pm, Robert Bradshaw <rober...@math.washington.edu>
wrote:
> On Sep 10, 2009, at 12:24 PM, Robert Bradshaw wrote:
>
> > On Sep 9, 2009, at 9:01 AM, Tim Dumol wrote:
>
> >> `eval(the_string, globals = {"__builtins__":None}, locals = {})`
> >> should do it. This removes access from all functions. Add any
> >> functions that are needed by adding them to the "locals" dictionary.
>
> >> As stated in:
> >> http://stackoverflow.com/questions/661084/security-of-pythons-eval-on-untrusted-strings
> >> and http://lybniz2.sourceforge.net/safeeval.html
>
> > Wow, this works, though for much deeper reasons than those given  
> > above.
>
> > sage: [].__class__.__subclasses__()[2].is_mutable.__func__.__globals__['__builtins__']
> > {'ArithmeticError': <type 'exceptions.ArithmeticError'>,
> > ...
> > 'zip': <built-in function zip>}
>
> > sage: eval("[].__class__.__subclasses__()[2].is_mutable.__func__.__globals__['__builtins__']", {"__builtins__":None}, {})
> > ------------------------------------------------------------
> > Traceback (most recent call last):
> >    File "<ipython console>", line 1, in <module>
> >    File "<string>", line 1, in <module>
> > RuntimeError: restricted attribute
>
> > Even
>
> > sage: eval("[].__class__.__subclasses__()[2]([]).save('foo.txt')", {"__builtins__": None}, {})
> > ------------------------------------------------------------
> > Traceback (most recent call last):
> >    File "<ipython console>", line 1, in <module>
> >    File "<string>", line 1, in <module>
> >    File "sage_object.pyx", line 150, in sage.structure.sage_object.SageObject.save (sage/structure/sage_object.c:1894)
> > IOError: file() constructor not accessible in restricted mode
>
> > In short, if globals()['__builtins__'] != __builtins__ it runs in
> > "Restricted mode" which disallows certain introspections and other
> > operations. I don't know that it's bullet proof, but it looks pretty
> > solid.
>
> A little googling yielded
>
> http://www.dalkescientific.com/writings/diary/archive/2008/03/03/restricted_python.html
>
> which is one (of who knows how many) holes in restricted mode.
>
> - Robert
--~--~---------~--~----~------------~-------~--~----~
To post to this group, send email to sage-support@googlegroups.com
To unsubscribe from this group, send email to 
sage-support-unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/sage-support
URLs: http://www.sagemath.org
-~----------~----~----~----~------~----~------~--~---
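
An added example, not part of the original thread: instead of relying on eval() with "__builtins__" set to None (which the thread notes has holes), the input can be parsed with Python's ast module and only integers, list displays and list*int repetition accepted, which covers the "[5]*3" case. The names safe_list_eval, MAX_ITEMS and MAX_CHARS and the two limits are assumptions made for this sketch (Python 3.8+).

```python
import ast

MAX_ITEMS = 10_000   # assumed cap on any repeated list
MAX_CHARS = 1_000    # assumed cap on input length (bounds parser work)


def _ev(node):
    # Integer literal (bool is excluded: type(True) is not int).
    if isinstance(node, ast.Constant) and type(node.value) is int:
        return node.value
    # Negative integer literal, e.g. -7.
    if (isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub)
            and isinstance(node.operand, ast.Constant)
            and type(node.operand.value) is int):
        return -node.operand.value
    # List display: every element must itself be allowed.
    if isinstance(node, ast.List):
        return [_ev(elt) for elt in node.elts]
    # Repetition: list * int or int * list, nothing else.
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mult):
        left, right = _ev(node.left), _ev(node.right)
        if isinstance(left, int):
            left, right = right, left
        if isinstance(left, list) and isinstance(right, int):
            if right > MAX_ITEMS or len(left) * right > MAX_ITEMS:
                raise ValueError("repetition too large")
            return left * right
    # Names, calls, attribute access, subscripts, etc. all land here.
    raise ValueError("disallowed syntax: " + type(node).__name__)


def safe_list_eval(text):
    """Evaluate a string built only from ints, lists and list*int."""
    if len(text) > MAX_CHARS:
        raise ValueError("input too long")
    try:
        tree = ast.parse(text.strip(), mode="eval")
    except SyntaxError as exc:
        raise ValueError("not a valid expression") from exc
    return _ev(tree.body)


if __name__ == "__main__":
    print(safe_list_eval("[3,10,15,23,25,30,3,[5]*3]"))
```

Attribute access and calls such as the "[].__class__.__subclasses__()" expression quoted in the thread are rejected before anything is executed, because no node is ever passed to eval().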