2016-04-12 14:18 GMT+02:00 Jon Ribbens <jon+python-dev at unequivocal.co.uk>:
> The question is: with a minimal (or empty) set of builtins, and a
> restriction on ast.Name and ast.Attribute nodes, can exec/eval be
> made 'safe' so they cannot execute code outside the sandbox.

According to multiple exploits listed in this thread, no, it's not possible.

> If anyone had managed to find any more examples of holes in the
> original featureset after the first couple then I would agree with
> you, but they haven't.

See my latest exploit using functools.update_wrapper() + A.__setattr__() ;-)

>> As others pointed out, this particular approach (with maybe
>> different details) has been tried again and again and again
>
> This simply isn't true either. As far as I can see, only
> RestrictedPython has tried anything remotely similar, and
> to the best of my ability to determine, that project is not
> considered a failure.

IMHO nobody seriously audited RestrictedPython. It doesn't mean that
it's secure. When it was created, security was less important than
nowadays.

Victor