Message156539
Example combining patches of #14385 and #14386 to run code with read-only __builtins__:
----------- test.py -------------
ns={'__builtins__': __builtins__.__dict__}
exec(compile("__builtins__['superglobal']=1; print(superglobal)", "test", "exec"), ns)
ns={'__builtins__': dictproxy(__builtins__.__dict__)}
exec(compile("__builtins__['superglobal']=2; print(superglobal)", "test", "exec"), ns)
----------- end of test.py -----
Output:
--------
$ ./python test.py
1
Traceback (most recent call last):
File "x.py", line 4, in <module>
exec(compile("__builtins__['superglobal']=1; print(superglobal)", "test", "exec"), ns)
File "test", line 1, in <module>
TypeError: 'dictproxy' object does not support item assignment
--------
Note: this protection is not enough to secure Python, but it is an important part of a Python sandbox. |
|
Date |
User |
Action |
Args |
2012-03-22 02:03:36 | vstinner | set | recipients:
+ vstinner |
2012-03-22 02:03:36 | vstinner | set | messageid: <1332381816.01.0.198972850539.issue14385@psf.upfronthosting.co.za> |
2012-03-22 02:03:35 | vstinner | link | issue14385 messages |
2012-03-22 02:03:35 | vstinner | create | |
|