Showing content from https://mail.python.org/pipermail/python-dev/2009-February/086432.html below:

[Python-Dev] Challenge: Please break this! (was: Reviving restricted mode)

tav tav at espians.com
Tue Feb 24 01:33:35 CET 2009
Hey all,

  victor> Could you keep all versions of safelite.py?

I took Steven D'Aprano's advice and added a VERSION attribute and
state the latest version on
http://tav.espians.com/a-challenge-to-break-python-security.html

Is that okay?

  antoine> I guess Tav should open a restaurant :-)

Hehe!! Thankfully I only offered it to the first person *phew!*

  farshid> It seems like some code in safelite passes
  farshid> a file object to isinstance. By overriding the
  farshid> builtin isinstance function I can get access to
  farshid> the original file object and create a new one.

Farshid, this is beautiful!!!

Thank you -- it's very nicely done!!

Do you have a website I could link to from the blog article?

  guido> I think in the next version Tav will have to stop
  guido> the sharing of __builtins__ between the supervisor
  guido> and the sandboxed code. There are too many
  guido> tricks you can play with this.

Done.

The common pattern that arose out of the various
builtins-overriding-hacks is that "safe" code should *never* make
assumptions about the state of the globals. The use of closures seems
to fix this problem with an easily-auditable design pattern.

-- 
love, tav

plex:espians/tav | tav at espians.com | +44 (0) 7809 569 369
http://tav.espians.com | http://twitter.com/tav | skype:tavespian
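
The pattern described in the closing paragraph, as an added example that is not part of the original message and not code from safelite.py: a supervisor check that resolves `isinstance` through the shared namespace at call time hands its argument to whatever is bound there, while a closure that bound the real builtin at definition time does not. `PrivilegedHandle`, `naive_check`, `make_check` and `objects_seen_by_replacement` are hypothetical names, and a module's globals stand in for the shared `__builtins__`.

```python
# Constructed illustration; none of these names come from safelite.py.

class PrivilegedHandle:
    """Stands in for the file object the supervisor must not leak."""

_handle = PrivilegedHandle()

def naive_check():
    # 'isinstance' is resolved when the call runs: module globals first,
    # then builtins. Whoever can rebind that name receives _handle.
    return isinstance(_handle, PrivilegedHandle)

def make_check():
    # Bind everything the check needs as locals of the enclosing function,
    # once, before any untrusted code has had a chance to run.
    _isinstance, _cls, handle = isinstance, PrivilegedHandle, PrivilegedHandle()
    def check():
        return _isinstance(handle, _cls)   # closure cells, no global lookup
    return check

closure_check = make_check()

def objects_seen_by_replacement(check):
    """Run check() while 'isinstance' is rebound in the shared namespace.

    Returns the objects handed to the replacement function.
    """
    seen = []
    def replacement(obj, cls):
        seen.append(obj)
        return True
    shared = globals()                 # the namespace both sides share
    shared["isinstance"] = replacement
    try:
        check()
    finally:
        del shared["isinstance"]       # restore normal builtin lookup
    return seen

if __name__ == "__main__":
    print("naive  :", objects_seen_by_replacement(naive_check))
    print("closure:", objects_seen_by_replacement(closure_check))
```

The closure still holds the handle in a cell, so this shows only the name-resolution half of the design; restrictions on introspecting function objects are not modelled here.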