Showing content from https://mail.python.org/pipermail/python-dev/2016-April/143988.html below:

[Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)

Victor Stinner victor.stinner at gmail.com
Tue Apr 12 08:31:19 EDT 2016
2016-04-12 14:16 GMT+02:00 Victor Stinner <victor.stinner at gmail.com>:
> I read your code and the code of CPython. I found many issues.
> (...)
> The exploit is based on two things:
>
> * update_wrapper() is used to get the secret attribute using the real
> getattr() function
> * update_wrapper() + A.__setattr__ are used to pass the secret from
> the real namespace to the untrusted namespace

Oh, I forgot to mention another vulnerability: you block access to
attributes by replacing getattr and by analyzing the AST. Ok, but one
more time, it's not enough. If you get access to obj.__dict__, you
will likely get access to any attribute using obj_dict[attr] instead
of obj.attr.

I wrote pysandbox because I liked Tav's idea of *removing* sensitive
dictionary keys of sensitive types like functions, frames and code
objects. Again, it was not enough.

Victor
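
The gap described in this message, as an added example that is not part of the original post and is not code from the sandbox under discussion. The names `Account`, `blocked_names`, `guarded_getattr`, `run_untrusted` and `outcome` are hypothetical, the "names starting with an underscore are blocked" rule is an assumed policy, and the instance dictionary is passed into the namespace directly to stand for the post's "if you get access to obj.__dict__" premise.

```python
import ast

class Account:
    """Constructed sample object holding one attribute the sandbox hides."""
    def __init__(self):
        self.owner = "alice"
        self._secret = "constructed-secret-value"

def blocked_names(source):
    """Assumed AST policy: list every obj.<name> whose name starts with '_'."""
    return [node.attr for node in ast.walk(ast.parse(source, mode="eval"))
            if isinstance(node, ast.Attribute) and node.attr.startswith("_")]

def guarded_getattr(obj, name):
    """Assumed getattr() replacement enforcing the same rule at run time."""
    if name.startswith("_"):
        raise AttributeError("access to %r is blocked" % name)
    return getattr(obj, name)

def run_untrusted(source, namespace):
    """Evaluate one expression, but only if the AST policy accepts it."""
    found = blocked_names(source)
    if found:
        raise ValueError("blocked attribute(s): " + ", ".join(found))
    env = {"__builtins__": {}, "getattr": guarded_getattr}
    env.update(namespace)
    return eval(compile(source, "<untrusted>", "eval"), env)

def outcome(source, namespace):
    """Return ('allowed', value) or ('blocked', exception name)."""
    try:
        return ("allowed", run_untrusted(source, namespace))
    except (ValueError, AttributeError) as exc:
        return ("blocked", type(exc).__name__)

if __name__ == "__main__":
    acct = Account()
    # The dict is handed over directly: it stands for the post's
    # "if you get access to obj.__dict__" premise.
    ns = {"acct": acct, "acct_dict": acct.__dict__}
    for expr in ("acct.owner", "acct._secret",
                 "getattr(acct, '_secret')", "acct_dict['_secret']"):
        print(expr, "->", outcome(expr, ns))
```

Both attribute paths are refused, while the subscript expression contains no `ast.Attribute` node and never calls `getattr()`, so neither control sees it.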