


Re: Sandboxing Python

Started by: Chris Angelico <rosuav@gmail.com>
First post: 2015-08-23 10:04 +1000
Last post: 2015-08-23 15:41 +1000
Articles: 3 — 2 participants





#95572 — Re: Sandboxing Python

From: Chris Angelico <rosuav@gmail.com>
Date: 2015-08-23 10:04 +1000
Subject: Re: Sandboxing Python
Message-ID: <mailman.22.1440288298.17298.python-list@python.org>
On Sun, Aug 23, 2015 at 9:52 AM, Mark Lawrence <breamoreboy@yahoo.co.uk> wrote:
> On 23/08/2015 00:44, Chris Angelico wrote:
>>
>> On Sun, Aug 23, 2015 at 9:25 AM, Mark Lawrence <breamoreboy@yahoo.co.uk>
>> wrote:
>>>
>>> I was always led to believe that the subject was a difficult thing to do,
>>> but here
>>>
>>> https://www.reddit.com/r/learnpython/comments/3huz4x/how_to_do_math_inside_raw_input/
>>> is a safe solution in only 23 characters, or are there any discernible
>>> flaws in it?
>>
>> I'm sorry, I can't see which solution you're talking about there -
>> maybe I just don't know how to read reddit properly. Can you paste the
>> proposed code please?
>>
>> The best I can see there is "use eval but with no builtins". That's
>> fundamentally flawed because you don't need builtins to break stuff.
>> All you need is a literal, from which you can snag everything else via
>> its attributes.
>>
>> However, for this situation, I would be recommending ast.literal_eval,
>> which *is* safe. It's a lot more powerful than "split it into number,
>> operator, number" as mentioned at the end, but still can't majorly
>> break anything.
>>
>> ChrisA
>>
>
> <code>
>>>> import os
>>>> eval("os.system('rm -rf /')", {"__builtins__":None})
> Traceback (most recent call last):
>   File "<pyshell#8>", line 1, in <module>
>     eval("os.system('rm -rf /')", {"__builtins__":None})
>   File "<string>", line 1, in <module>
> TypeError: 'NoneType' object is not subscriptable
> </code>
>
> <comment>
> Surely I must have missed your meaning because I needed just 23 characters
> and zero extra lines to create a safe sandbox for this, but you've said that
> the core developers have tried and failed to do this. It appears that I
> didn't just wipe out my entire filesystem and you've stated quite
> matter-of-factly that there is no safe solution... so what happened here?
> Why didn't my filesystem just get wiped out?
> </comment>

Got it, thanks. The answer is: It's easy to make something you can't
yourself break out of. It just means you don't know all the tricks.

http://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html

>>> cmd="""[c for c in ().__class__.__base__.__subclasses__() if c.__name__ == 'catch_warnings'][0]()._module.__builtins__["__import__"]("os").system("echo Hello")"""
>>> eval(cmd,{"__builtins__":None})
Hello
0

Et voila. Arbitrary module loading, arbitrary code execution, have fun.

ChrisA



#95577

From: Christian Gollwitzer <auriocus@gmx.de>
Date: 2015-08-23 07:17 +0200
Message-ID: <mrbku6$6me$1@dont-email.me>
In reply to: #95572
On 23.08.15 at 02:04, Chris Angelico wrote:
>> <code>
>>>>> import os
>>>>> eval("os.system('rm -rf /')", {"__builtins__":None})
>> Traceback (most recent call last):
>>    File "<pyshell#8>", line 1, in <module>
>>      eval("os.system('rm -rf /')", {"__builtins__":None})
>>    File "<string>", line 1, in <module>
>> TypeError: 'NoneType' object is not subscriptable
>> </code>
>
> Got it, thanks. The answer is: It's easy to make something you can't
> yourself break out of. It just means you don't know all the tricks.
>
> http://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html
>
>>>> cmd="""[c for c in ().__class__.__base__.__subclasses__() if c.__name__ == 'catch_warnings'][0]()._module.__builtins__["__import__"]("os").system("echo Hello")"""
>>>> eval(cmd,{"__builtins__":None})
> Hello
> 0
>
> Et voila. Arbitrary module loading, arbitrary code execution, have fun.

In one of my other favourite languages, you can create sandboxes very 
easily. You create them as a new slave interpreter with restrictions:

interp create -safe myInterp
myInterp eval $userinput

In addition to removing "dangerous" functions, you can limit the amount 
of time spent by the eval, or alias new functions to callbacks from the 
main interpreter (though this may break security).
This was once built into it for a browser plugin (now extinct).

Would it be that difficult to get the same for Python? On the C side, 
the interpreter is a structure and does not use global variables (as 
opposed to CPython), therefore it is easy to create more than one 
interpreter in a single program, and also to reflect that to the 
scripting level.

	Christian



#95578

From: Chris Angelico <rosuav@gmail.com>
Date: 2015-08-23 15:41 +1000
Message-ID: <mailman.26.1440308516.17298.python-list@python.org>
In reply to: #95577
On Sun, Aug 23, 2015 at 3:17 PM, Christian Gollwitzer <auriocus@gmx.de> wrote:
> Would it be that difficult to get the same for Python? On the C side, the
> interpreter is a structure and does not use global variables (as opposed to
> CPython), therefore it is easy to create more than one interpreter in a
> single program, and also to reflect that to the scripting level.

There have been some explorations in that direction. However, it would
be very difficult to pass objects from one interpreter to the other,
so you'd be restricted to some form of serialization... at which point
you may as well just use a subprocess, which you can isolate using OS
facilities.

ChrisA
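
As an added example of the subprocess route Chris describes, and not code from the thread: run the untrusted source in a fresh interpreter started in isolated mode (-I), apply resource limits for CPU time and address space in the child before exec, enforce a wall-clock timeout, and treat whatever comes back over the pipe as plain text. The limit values are chosen for this example; it assumes a POSIX system, since the resource module and preexec_fn are not available on Windows.

```python
import resource
import subprocess
import sys
import tempfile
from dataclasses import dataclass
from typing import Optional

# Limits chosen for this example, not taken from the thread.
CPU_SECONDS = 2                    # RLIMIT_CPU: the kernel kills the child past this
MEMORY_BYTES = 512 * 1024 * 1024   # RLIMIT_AS: allocations beyond this fail


@dataclass
class IsolatedResult:
    returncode: Optional[int]   # None when the wall-clock timeout fired
    stdout: str
    stderr: str
    timed_out: bool


def _apply_limits():
    # Runs in the child between fork() and exec(); the interpreter that
    # exec() then starts inherits these limits and cannot raise them.
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_SECONDS, CPU_SECONDS))
    resource.setrlimit(resource.RLIMIT_AS, (MEMORY_BYTES, MEMORY_BYTES))


def _text(data):
    # Pipe contents arrive as bytes (or None if nothing was captured).
    if data is None:
        return ""
    return data.decode("utf-8", "replace") if isinstance(data, bytes) else data


def run_isolated(code: str, wall_seconds: float = 5.0) -> IsolatedResult:
    """Run untrusted Python source in a separate, resource-limited interpreter.

    Isolation comes from the process boundary plus rlimits, not from
    restricting the language: the child may do whatever its user can, and
    results come back only as serialized text over the pipe.
    """
    # -I: ignore environment variables and the user site directory;
    # -S: skip site.py; "-": read the program from stdin, so long inputs
    # never hit the argv length limit or show up in process listings.
    cmd = [sys.executable, "-I", "-S", "-"]
    with tempfile.TemporaryDirectory() as scratch:   # empty cwd, removed afterwards
        try:
            proc = subprocess.run(
                cmd,
                input=code.encode("utf-8"),
                capture_output=True,
                timeout=wall_seconds,
                preexec_fn=_apply_limits,
                env={},          # no inherited environment
                cwd=scratch,
            )
        except subprocess.TimeoutExpired as exc:
            # run() has already killed the child at this point.
            return IsolatedResult(None, _text(exc.stdout), _text(exc.stderr), True)
    return IsolatedResult(proc.returncode, _text(proc.stdout), _text(proc.stderr), False)


if __name__ == "__main__":
    print(run_isolated("print(2 + 3)"))
    print(run_isolated("while True:\n    pass", wall_seconds=1))
    print(run_isolated("x = bytearray(1024 ** 3)"))
```

Rlimits bound CPU and memory but say nothing about what the child may read, write or connect to; that still needs OS-level controls such as a dedicated unprivileged user, a container or a seccomp profile. Note also that preexec_fn is not safe in a multithreaded parent; in that situation apply the limits from a small wrapper script that then exec's the interpreter.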




