Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from http://mail.python.org/pipermail/python-dev/2009-February/086437.html below:

[Python-Dev] Challenge: Please break this! [Now with blog post]

• Previous message: [Python-Dev] Challenge: Please break this! [Now with blog post]
• Next message: [Python-Dev] Challenge: Please break this! [Now with blog post]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Another potential avenue for attacks:

I can access the various class and metaclass objects easily:

>>> f = FileReader('/etc/passwd')
>>> f.__class__
<class 'safelite.NamespaceObject'>
>>> f.__class__.__metaclass__
<class 'safelite.NamespaceContext'>
>>> f.__class__.__metaclass__.__call__
<unbound method NamespaceContext.__call__>
>>> f.__class__.__metaclass__.__call__.im_func
<function __call__ at 0x66470>
>>> kall = f.__class__.__metaclass__.__call__.im_func
>>>

Now calling kall() with appropriate arguments will allow me to let the
supervisor do setattr() operations on any object I have access to. It
will probably end with an exception but that shouldn't matter:

>>> kall(f.__class__.__metaclass__, [('foo', 47)])
<type 'list'>
>>> f.__class__.__metaclass__.foo
47
>>>

Insofar as the metaclass has any purpose at all for security this
might let us thwart that purpose...

-- 
--Guido van Rossum (home page: http://www.python.org/~guido/)

• Previous message: [Python-Dev] Challenge: Please break this! [Now with blog post]
• Next message: [Python-Dev] Challenge: Please break this! [Now with blog post]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4