| Started by | Ben Finney <ben+python@benfinney.id.au> |
|---|---|
| First post | 2015-03-05 17:44 +1100 |
| Last post | 2015-03-05 00:59 -0700 |
| Articles | 3 — 3 participants |
This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by
below is the oldest one visible, not the original post.
| From | Ben Finney <ben+python@benfinney.id.au> |
|---|---|
| Date | 2015-03-05 17:44 +1100 |
| Subject | Re: Do not run this code. |
| Message-ID | <mailman.56.1425537863.21433.python-list@python.org> |
Chris Angelico <rosuav@gmail.com> writes:

> import base64; exec(…)

That's all I need to know. Code with ‘exec()’ calls, I consider unsafe
by default.

--
Lucifer: “Just sign the Contract, sir, and the Piano is yours.”
Ray: “Sheesh! This is long! Mind if I sign it now and read it later?”
—http://www.achewood.com/
Ben Finney
| From | Dave Farrance <DaveFarrance@OMiTTHiSyahooANDTHiS.co.uk> |
|---|---|
| Date | 2015-03-05 07:39 +0000 |
| Message-ID | <gi1gfalrm71kqju9qcmcgus5pbseit2eqo@4ax.com> |
| In reply to | #86934 |
Ben Finney <ben+python@benfinney.id.au> wrote:

>Chris Angelico <rosuav@gmail.com> writes:
>
>> import base64; exec(…)
>
>That's all I need to know. Code with ‘exec()’ calls, I consider unsafe
>by default.

Indeed. replacing exec with print...

    >>> print(base64.b64decode(b"eD0neD0lcjsgZXhlYyh4JSV4KSc7IGV4ZWMoeCV4KQ=="))
    x='x=%r; exec(x%%x)'; exec(x%x)

so, discarding that second exec...

    >>> x='x=%r; exec(x%%x)'
    >>> print(x)
    x=%r; exec(x%%x)

So it recurses, and if that second exec had been left in then it would be
a fork bomb.
| From | Ian Kelly <ian.g.kelly@gmail.com> |
|---|---|
| Date | 2015-03-05 00:59 -0700 |
| Message-ID | <mailman.58.1425542402.21433.python-list@python.org> |
| In reply to | #86935 |
On Thu, Mar 5, 2015 at 12:39 AM, Dave Farrance
<DaveFarrance@omitthisyahooandthis.co.uk> wrote:
> Ben Finney <ben+python@benfinney.id.au> wrote:
>
>>Chris Angelico <rosuav@gmail.com> writes:
>>
>>> import base64; exec(…)
>>
>>That's all I need to know. Code with ‘exec()’ calls, I consider unsafe
>>by default.
>
> Indeed. replacing exec with print...
>
>>>> print(base64.b64decode(b"eD0neD0lcjsgZXhlYyh4JSV4KSc7IGV4ZWMoeCV4KQ=="))
> x='x=%r; exec(x%%x)'; exec(x%x)
>
> so, discarding that second exec...
>
>>>> x='x=%r; exec(x%%x)'
>>>> print(x)
> x=%r; exec(x%%x)
>
> So it recurses, and if that second exec had been left in then it would be
> a fork bomb.

In order to be a fork bomb, it would have to call fork at some point.
This is just a race to see whether you'll run out of memory before the
recursion limit is reached.
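
The inspection Dave Farrance does by hand in the thread (swap exec for print, then read the decoded text), as an added example that is not part of the original posts: it parses the source with `ast` and peels base64 layers without executing anything. `SAMPLE` is a constructed wrapper around the `b64decode` call quoted in the thread, and `unwrap` and the helper names are hypothetical.

```python
import ast
import base64

# Constructed sample: the b64decode(...) call quoted in the thread, wrapped in
# exec() as an assumed reconstruction. It is parsed and decoded, never executed.
SAMPLE = ('import base64; '
          'exec(base64.b64decode(b"eD0neD0lcjsgZXhlYyh4JSV4KSc7IGV4ZWMoeCV4KQ=="))')

DYNAMIC = {"exec", "eval"}  # calls that run a string as code


def _call_name(call):
    """Name of the called function for `f(...)` or `mod.f(...)`, else None."""
    func = call.func
    if isinstance(func, ast.Name):
        return func.id
    return func.attr if isinstance(func, ast.Attribute) else None


def _decode_b64_literal(node):
    """Decode `b64decode(<str/bytes literal>)`; None for anything else."""
    if not (isinstance(node, ast.Call) and _call_name(node) == "b64decode"
            and node.args and isinstance(node.args[0], ast.Constant)
            and isinstance(node.args[0].value, (str, bytes))):
        return None
    try:
        return base64.b64decode(node.args[0].value).decode("utf-8", "replace")
    except ValueError:  # malformed base64 (binascii.Error is a ValueError)
        return None


def unwrap(source, max_layers=8):
    """Return [(layer_source, dynamic_call_count)], peeling base64 layers statically."""
    layers, pending = [], [source]
    while pending and len(layers) < max_layers:
        src = pending.pop(0)
        try:
            tree = ast.parse(src)
        except SyntaxError:
            layers.append((src, None))  # not parseable as Python; report as-is
            continue
        calls = [n for n in ast.walk(tree)
                 if isinstance(n, ast.Call) and _call_name(n) in DYNAMIC]
        layers.append((src, len(calls)))
        for call in calls:
            decoded = _decode_b64_literal(call.args[0]) if call.args else None
            if decoded is not None:
                pending.append(decoded)
    return layers
```

On the sample this yields two layers; the second layer's `exec` takes `x%x`, a value built at run time, so static peeling stops there and the remaining behaviour has to be read from the decoded text.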