Hey all,
victor> Could you keep all versions of safelite.py?
I took Steven D'Aprano's advice and added a VERSION attribute and
state the latest version on
http://tav.espians.com/a-challenge-to-break-python-security.html
Is that okay?
antoine> I guess Tav should open a restaurant :-)
Hehe!!
On Mon, Feb 23, 2009 at 4:06 PM, Victor Stinner
wrote:
> On Tuesday 24 February 2009 00:51:25, Farshid Lashkari wrote:
>> It seems like some code in safelite passes a file object to
>> isinstance. By overriding the builtin isinstance function I can get
>> access to the original file obj
On Tuesday 24 February 2009 00:51:25, Farshid Lashkari wrote:
> It seems like some code in safelite passes a file object to
> isinstance. By overriding the builtin isinstance function I can get
> access to the original file object and create a new one.
Wow, excellent idea!
--
Victor S
Farshid Lashkari gmail.com> writes:
>
> It seems like some code in safelite passes a file object to
> isinstance. By overriding the builtin isinstance function I can get
> access to the original file object and create a new one. Here is the
> code I used:
I guess Tav should open a restaurant :-)
It seems like some code in safelite passes a file object to
isinstance. By overriding the builtin isinstance function I can get
access to the original file object and create a new one. Here is the
code I used:
from safelite import FileReader
_real_file = None
def _new_isinstance(obj,types):
On Monday 23 February 2009 22:36:47, you wrote:
> reload(__builtins__)
> (...)
>
> Tav should have made another stipulation: the attack must not be
> trivial to fix.
Why not? Any hole is enough to break a jail. The cracker doesn't care if it's
trivial to fix or not :-p
--
Victor Sti
On Mon, Feb 23, 2009 at 1:36 PM, Guido van Rossum wrote:
> On Mon, Feb 23, 2009 at 1:12 PM, Victor Stinner
> wrote:
>>> The challenge is simple:
>>>
>>> * Open a fresh Python interpreter
>>> * Do: >>> from safelite import FileReader
>>> * You can use FileReader to read files on your filesystem
>>
On Mon, Feb 23, 2009 at 1:12 PM, Victor Stinner
wrote:
>> The challenge is simple:
>>
>> * Open a fresh Python interpreter
>> * Do: >>> from safelite import FileReader
>> * You can use FileReader to read files on your filesystem
>> * Now find a way to *write* to the filesystem from your interprete
Woo!
victor> >>> file('0wn3d', 'w').write('w00t\n')
victor> Cool. It's a good reason to go to Pycon UK this year ;-)
Thank you so much Victor! Please mail/phone me when you are heading to
London and I shall honour the evening out!
Now, how about this adapted version without reload?
I could
> The challenge is simple:
>
> * Open a fresh Python interpreter
> * Do: >>> from safelite import FileReader
> * You can use FileReader to read files on your filesystem
> * Now find a way to *write* to the filesystem from your interpreter
Well, the challenge is to get access to a module. And... it
I sent a link out to Twitter...
On Mon, Feb 23, 2009 at 12:40 PM, Steven Bethard
wrote:
> On Mon, Feb 23, 2009 at 12:10 PM, tav wrote:
>> Hey all,
>>
>> As an attempt to convince everyone of the merits of my functions-based
>> approach to security, I've come up with a simple challenge. I've
>> a
On Mon, Feb 23, 2009 at 12:10 PM, tav wrote:
> Hey all,
>
> As an attempt to convince everyone of the merits of my functions-based
> approach to security, I've come up with a simple challenge. I've
> attached it as safelite.py
>
> The challenge is simple:
>
> * Open a fresh Python interpreter
> *
Hey Brett,
> Ah, OK. I just quickly looked at your patches on codereview and noticed that
> neither __closure__ or __globals__ have been touched.
Those are already restricted by Python when __builtins__ is not the
same as the standard one.
> I assume you are worried about getting a hold of the
On Mon, Feb 23, 2009 at 12:10, tav wrote:
> Hey all,
>
> As an attempt to convince everyone of the merits of my functions-based
> approach to security, I've come up with a simple challenge. I've
> attached it as safelite.py
>
> The challenge is simple:
>
> * Open a fresh Python interpreter
> * Do
Hey all,
As an attempt to convince everyone of the merits of my functions-based
approach to security, I've come up with a simple challenge. I've
attached it as safelite.py
The challenge is simple:
* Open a fresh Python interpreter
* Do: >>> from safelite import FileReader
* You can use FileReade
15 matches