On 10/20/2012 10:24 AM, Andrea Griffini wrote:
> On Thu, Oct 18, 2012 at 5:41 PM, Georg Brandl <g.bra...@gmx.net> wrote:
>> On 10/18/2012 03:16 PM, Daniel Holth wrote:
>>> On Thu, Oct 11, 2012 at 1:36 PM, Vinay Sajip <vinay_sa...@yahoo.co.uk>
>>> wrote:
>>>> Daniel Holth <dholth <at> gmail.com> writes:
>>>>
>>>>> How does this compare to the markerlib approach? In markerlib you just
>>>>> make sure all the AST nodes are in a set of allowed nodes, currently
>>>>> (Compare, BoolOp, Attribute, Name, Load, Str, cmpop, boolop), and then
>>>>> use the normal eval(). Is one way more secure / fast / flexible than
>>>>> the other?
>>>>
>>>> I don't think performance is an issue, and the markerlib approach seems
>>>> just
>>>> as reasonable as the one I've taken, except that it calls eval(), whereas
>>>> my
>>>> approach doesn't. It boils down to what should be allowed in expressions,
>>>> and
>>>> what shouldn't be.
>
> I'm not sure if this is pertinent to the safe eval discussion, but
> currently it's possible to make python crash with a segfault even by
> just *parsing* an expression.
>
> See http://bugs.python.org/issue5765
There's a big difference between being able to pass anything to an eval()
invocation, and having to exploit a segfault due to a stack overflow.
Even if your eval() argument overflows the stack, it's still much safer
than if you pass '__import__("os").unlink(...)' :)
Georg
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
