On 8/14/10 5:06 PM, Steven D'Aprano wrote: > On Sun, 15 Aug 2010 01:24:00 +0200, Roland Koebler wrote: > >> I had the same problem, and so I created a "pseudo-sandbox" for >> embedding Python in templates. This "pseudo-sandbox" creates a >> restricted Python environment, where only whitelisted functions/classes >> are allowed. Additionally, it prevents things like '0 .__class__'. > > Hmmm... is that meant just as an illustration of a general technique, or > do you actually have something against the class of 0? 0 .__class__ seems > pretty innocuous to me: > >>>> type(0) is 0 .__class__ is int > True
Assuming you have a totally restricted environment, where none of the normal built-ins are available-- notably "type"-- in theory I thought once that you could exec pretty safely. Because there's just no access to anything! But, alas, someone showed me I was wrong. 0 .__class__ can lead you to "type". And type.__subclasses__ happily leads you to everything in the world. I solve this by just refusing to allow getattr, and __ anywhere in the file to be saved just gets turned into xx, so its impossible (I think) for users to access or use any special method. -- Stephen Hansen ... Also: Ixokai ... Mail: me+list/python (AT) ixokai (DOT) io ... Blog: http://meh.ixokai.io/
signature.asc
Description: OpenPGP digital signature
-- http://mail.python.org/mailman/listinfo/python-list
