Ka-Ping Yee wrote:
On Sat, 9 Apr 2005, Jp Calderone wrote:

 Does using the gc module to bypass this security count?  If so:

   [EMAIL PROTECTED]:~$ python -i facet.py
   >>> import gc
   >>> c = readonly_facet.__getattr__.func_closure[1]
   >>> r = gc.get_referents(c)[0]
   >>> r.n = 'hax0r3d'
   >>> readonly_facet.value()
   'hax0r3d'
   >>>


You can't get func_closure in restricted mode.  (Or at least, I can't,
using the Python included with Mac OS 10.3.8.)

    >>> restrict()
    >>> readonly_facet.__getattr__.func_closure
    Traceback (most recent call last):
      File "<stdin>", line 1, in ?
    RuntimeError: restricted attribute
    >>>

Even though this particular example doesn't work in restricted mode,
it's true that the gc module violates capability discipline, and you
would have to forbid its import.  In any real use case, you would have
to restrict imports anyway to prevent access to sys.modules or loading
of arbitrary binaries.

For a version that restricts imports, see:

    http://zesty.ca/python/facet.py

Let me know if you figure out how to defeat that.

You should probably search the list and look at my old attacks against
restricted execution; there's a reason why it is not much supported anymore.
One can still try to use it but needs to be extremely careful or use C-defined proxies... etc.



(This is a fun exercise, but with a potential purpose -- it would be nice to have a coherent story on this for Python 3000, or maybe even Python 2.x.)


-- ?!ng
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/pedronis%40strakt.com
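
The property discussed in this thread, as an added example in Python 3 (not code from the thread and not the contents of facet.py): it checks whether a closure-based facet still exposes its wrapped object through the function's closure cells or through `gc.get_referents`. The `Counter` class, the `make_facet` helper and the check functions are constructed stand-ins, and `__closure__` is the Python 3 name for `func_closure`.

```python
import gc

class Counter:
    """Constructed sample object that the facet is meant to protect."""
    def __init__(self, n):
        self.n = n
    def value(self):
        return self.n
    def reset(self):
        self.n = 0

def make_facet(target, allowed):
    """Hypothetical closure-based facet exposing only the named attributes."""
    allowed = frozenset(allowed)
    class Facet:
        def __getattr__(self, name):
            if name in allowed:
                return getattr(target, name)
            raise AttributeError(name)
    return Facet()

def closure_cells(facet):
    """Closure cells of the facet's __getattr__ (func_closure in Python 2)."""
    return type(facet).__getattr__.__closure__ or ()

def reachable_via_closure(facet):
    """Objects reachable by reading the cells directly."""
    return [cell.cell_contents for cell in closure_cells(facet)]

def reachable_via_gc(facet):
    """Objects reachable by asking the gc module what each cell refers to."""
    found = []
    for cell in closure_cells(facet):
        found.extend(gc.get_referents(cell))
    return found

def facet_leaks(facet, target):
    """True if the wrapped target can be recovered by either route."""
    return (any(o is target for o in reachable_via_closure(facet))
            or any(o is target for o in reachable_via_gc(facet)))

if __name__ == "__main__":
    counter = Counter(5)
    facet = make_facet(counter, ["value"])
    print("value through facet:", facet.value())
    print("target recoverable:", facet_leaks(facet, counter))
```

A check like `facet_leaks` can serve as a regression test for any wrapper that is meant to hide its target: if it returns true, code that can reach function attributes or import `gc` is not confined by the wrapper.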
