Hi.
Jakub Wilk writes:
> * Jakub Wilk, 2014-02-13, 00:27:
>>>The CGI's code is supposed to be safeguarding against abuse,
>>The protection is not very good. (I'll disclose the details later.)
>
> The exploit I had in mind was:
>
> import re
> from re import sys
> imp = re.sys.

* Jakub Wilk, 2014-02-13, 00:27:
The CGI's code is supposed to be safeguarding against abuse,
The protection is not very good. (I'll disclose the details later.)
The exploit I had in mind was:
import re
from re import sys
imp = re.sys.modules['imp']
posix = im

* Olivier Berger, 2014-02-10, 10:51:
The CGI's code is supposed to be safeguarding against abuse,
The protection is not very good. (I'll disclose the details later.)
but I think some sandboxing would be better at the CGI invocation for
additional security.
Agreed.
--
Jakub Wilk
--
To UN

Hi.
I'm looking for advice on how to package the Online Python Tutor's
backend server which can execute arbitrary Python scripts submitted by
the user.
The CGI's code is supposed to be safeguarding against abuse, but I think
some sandboxing would be better at the CGI invocation for additional
sec