
Gregory Ewing wrote:
> I posted a demonstration of this earlier in this thread.
As you wrote, your example does not work when using eval() like
in my original post, with the second and third parameters to eval():

    >>> import math
    >>> eval("[c for c in (0).__class__.__bases__[0].__subclasses__() if c.__name__ == 'file'][0]('/myfile', 'w')",
    ...      { "__builtins__": None }, { "abs": abs, "sin": math.sin })
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "<string>", line 1, in <module>
    IOError: file() constructor not accessible in restricted mode

(Same result with Python 2.4, 2.5, and 2.6.)

While I believe that eval() is not safe, I have yet to see an
example of exploiting it. Leaving out the second and third
parameters just proves that one shouldn't omit them :~)

Thanks in advance for any black hat example!

P.S. Please Cc me, thanks.

Discussion Overview
group: python-list @
categories: python
posted: Feb 21, '10 at 9:25p
active: Feb 28, '10 at 10:52p
posts: 10
users: 6
website: python.org
