mvent the guard?
If it would be helpful, I am happy to maintain this as Python evolves.
I've already been maintaining the PJE-inspired ctypes-based approach
and monkeypatches for various Python versions for a while now. See
secure.py, secure25.py, secure26.py and secure30.py in:
http://gi
rexec module.
Does that seem reasonable to you all?
tav>
http://github.com/tav/plexnet/tree/9dabc570a2499689e773d1af3599a29102071f80/source/plexnet/util
martin> What is the objective of this code? Is it a complete
martin> sandbox? If not, is a complete sandbox based on
mar
And, here's a version for Python 2.6+ -- diffed against an svn
checkout of the current python/trunk:
http://codereview.appspot.com/21051/show
Please review also. Cheers!
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http://tav.espians.com | @tav | skype:tave
s existing restricted
framework in the interpreter.
Please review and accept =)
* http://codereview.appspot.com/20051
* http://codereview.appspot.com/21051
Thanks!
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http://tav.espians.com | @tav | skype:tavespian
""
's cool -- thanks for this much!
I'm hoping someone out there has a few spare minutes.
The patch is just 6 lines of code...
Someone? Pretty please? =)
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http://tav.espians.com | @tav | skype:tavespian
__
to try and break it, I
steven> suggest you send it to c.l.py
Done.
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http://tav.espians.com | http://twitter.com/tav | skype:tavespian
"""
Please try and break this.
On a fresh Python interpreter, do the fo
> I take it back, we need to find all the trivial ones too.
Agreed!
> BTW Tav, you ought to create a small website for this challenge. A
> blog post or wiki page would suffice.
Done.
http://tav.espians.com/a-challenge-to-break-python-security.html
Please blog/retweet and of course
.
How about: "it could possibly enable a secured Python interpreter" ?
> OTOH, the patch looks harmless (with minor corrections). It could
> be considered a bug fix for the current set of restricted attributes
Yes, and it is in that light that I would like the patch to be accepte
validate
the model or the possibility of using it in Python.
What would invalidate it is someone finding a way to bypass it
completely in Python and this challenge is an attempt to see if we can
find such a way.
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 5
Hey all,
victor> Could you keep all versions of safelite.py?
I took Steven D'Aprano's advice and added a VERSION attribute and
state the latest version on
http://tav.espians.com/a-challenge-to-break-python-security.html
Is that okay?
antoine> I guess Tav should open a rest
Hey Victor,
You definitely got to the heart of the challenge.
> f.tell.__getattribute__('func_closure')
But, have you actually run that code?
Cos that doesn't work here... sorry if I missed something...
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0)
(None, None,
# None) Then, tb.tb_frame gives an attribute error
I can't seem to find the place in the Python source where exc_info()
behaves differently under restricted mode...
Thoughts on which of the two options is better would be very appreciated!
And thanks for the ongoin
= args[1]['sys']
>
> except Exception, v:
> print "Exception:", v
> return warnings
>
> # Put the bogus module at the doorstep...
> __builtins__.warnings = warnings
>
> # and have the thug replacing the doorman
> __builtins__.
ite`... so, sorry =(
You have to remember that this isn't the way that this code will
actually be used in practice. This is just a challenge to see if the
model holds...
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http://tav.espians
has to go.
I've fixed this in v8 -- got a website that I can link to for the blog?
And instead of trying to make tb_frame go away, I'd like to add the
following to my proposed patch of RESTRICTED attributes:
* f_code
* f_builtins
* f_globals
* f_locals
That seems to do the trick...
--
; real world
> jail <-- proxy objects -- real world
Ehm, I'd strongly discourage any approaches using proxies. The
performance penalties will just be insane.
If you really want one though -- check out Zope proxy. It already
implements this quite well and you can use it today! =)
--
l
Hey Andrew & Victor,
tav> But the challenge was about doing `from safelite import FileReader`.
Andrew> Though it doesn't say so on the first post on this thread
Andrew> nor your page at
Andrew> http://tav.espians.com/a-challenge-to-break-python-security.html
Sorry,
s. You can find
the reStructuredText source of the article at
http://github.com/tav/blog/tree/master
Many thanks to everyone who took part in the challenge -- it was very
informative and fun!
Please let me know what else I need to do to get the patch accepted. Thanks!
--
love, tav
plex:espia
if I've missed something obvious. Thanks!
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http://tav.espians.com | http://twitter.com/tav | skype:tavespian
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.pytho
l/tree/master
I was able to do the following with Titanium Desktop (which uses it)
to access the DOM from Python:
def hello(s):
    document.getElementById('foo').innerHTML = s
Hello World
hello("tav")
More relevant links:
* http://www.appcelerator.com/
* http://githu
red. Am I missing something obvious that prevents me from
doing that?
Can we get rid of them for Python 2.6? Or even 2.5.2? Is anyone
besides PJE actually using them? ;p
Thanks in advance for your thoughts.
--
love, tav
founder and ceo, esp metanational llp
plex:espians/tav | [EMAIL PROTEC
as been following your work on generic functions from way
before RuleDispatch, I really want to see PEP 3124 in 3.0
But, all I am asking for is to not expose func_closure (and perhaps
some of the other func_*) as members of FunctionType -- isn't it
possible to add functional
ut it in 2.3/2.4 and didn't know it had been
> added in 2.5. :)
w00p!
so, suggestions as to how one can go about getting those 2 access methods moved?
--
thanks, tav
founder and ceo, esp metanational llp
plex:espians/tav | [EMAIL PROTECTED] | +44 (0) 7809 569 369
__
I love you PJE! Thank you! =)
On 6/28/07, Phillip J. Eby <[EMAIL PROTECTED]> wrote:
> At 05:23 PM 6/28/2007 +0100, tav wrote:
> >Any pointers on removing members via ctypes front?
> >
> >Whilst I can understand even the most obscure aspects of your python
> >c