| References | <CAPTjJmoSgX6_HO16b2WB=vT+y8tys0ZyvcD-XVS+=6hj=gtUTQ@mail.gmail.com> <mailman.56.1425537863.21433.python-list@python.org> <gi1gfalrm71kqju9qcmcgus5pbseit2eqo@4ax.com> |
|---|---|
| From | Ian Kelly <ian.g.kelly@gmail.com> |
| Date | 2015-03-05 00:59 -0700 |
| Subject | Re: Do not run this code. |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.58.1425542402.21433.python-list@python.org> |
On Thu, Mar 5, 2015 at 12:39 AM, Dave Farrance <DaveFarrance@omitthisyahooandthis.co.uk> wrote:
> Ben Finney <ben+python@benfinney.id.au> wrote:
>
>>Chris Angelico <rosuav@gmail.com> writes:
>>
>>> import base64; exec(…)
>>
>>That's all I need to know. Code with ‘exec()’ calls, I consider unsafe
>>by default.
>
> Indeed. replacing exec with print...
>
>>>> print(base64.b64decode(b"eD0neD0lcjsgZXhlYyh4JSV4KSc7IGV4ZWMoeCV4KQ=="))
> x='x=%r; exec(x%%x)'; exec(x%x)
>
> so, discarding that second exec...
>
>>>> x='x=%r; exec(x%%x)'
>>>> print(x)
> x=%r; exec(x%%x)
>
> So it recurses, and if that second exec had been left in then it would be
> a fork bomb.

In order to be a fork bomb, it would have to call fork at some point.
This is just a race to see whether you'll run out of memory before the
recursion limit is reached.
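The decode-and-inspect approach from the thread, carried one step further as an added example that is not part of the original post: it parses the decoded payload with `ast` instead of running it, computes what the inner `exec` would receive, and checks for a `fork` call. The helper names `next_layer`, `calls_named` and `triage` are hypothetical, and the evaluator assumes only the `exec(name % name)` shape seen in this payload.

```python
import ast
import base64

# Base64 string quoted in the post above.
PAYLOAD = b"eD0neD0lcjsgZXhlYyh4JSV4KSc7IGV4ZWMoeCV4KQ=="

def next_layer(source):
    """Compute what exec(<name> % <name>) would run, without calling exec.

    Assumption: handles only this payload's shape; returns None otherwise."""
    strings = {}
    for stmt in ast.parse(source).body:
        if (isinstance(stmt, ast.Assign) and isinstance(stmt.value, ast.Constant)
                and isinstance(stmt.value.value, str)):
            for target in stmt.targets:
                if isinstance(target, ast.Name):
                    strings[target.id] = stmt.value.value
        elif isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
            call = stmt.value
            if getattr(call.func, "id", None) != "exec" or not call.args:
                continue
            arg = call.args[0]
            if (isinstance(arg, ast.BinOp) and isinstance(arg.op, ast.Mod)
                    and isinstance(arg.left, ast.Name) and isinstance(arg.right, ast.Name)
                    and arg.left.id in strings and arg.right.id in strings):
                return strings[arg.left.id] % strings[arg.right.id]
    return None

def calls_named(source, name):
    """True if the source calls `name`, bare (fork()) or as an attribute (os.fork())."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            if name in (getattr(node.func, "id", None), getattr(node.func, "attr", None)):
                return True
    return False

def triage(payload=PAYLOAD):
    """Decode and inspect the payload statically; nothing from it is executed."""
    layer0 = base64.b64decode(payload).decode("ascii")
    return {
        "layer0": layer0,
        "self_reproducing": next_layer(layer0) == layer0,  # each exec re-runs the same source
        "calls_exec": calls_named(layer0, "exec"),
        "calls_fork": calls_named(layer0, "fork"),  # a fork bomb would need this
    }

if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Because the computed next layer equals the decoded source, every nesting level is identical, so checking one layer for `fork` covers all of them.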
Re: Do not run this code. Ben Finney <ben+python@benfinney.id.au> - 2015-03-05 17:44 +1100
Re: Do not run this code. Dave Farrance <DaveFarrance@OMiTTHiSyahooANDTHiS.co.uk> - 2015-03-05 07:39 +0000
Re: Do not run this code. Ian Kelly <ian.g.kelly@gmail.com> - 2015-03-05 00:59 -0700