[Bf-committers] "Security" gets in the way

Martin Poirier theeth at yahoo.com
Thu Apr 29 14:58:26 CEST 2010



--- On Thu, 4/29/10, Charles Wardlaw <cwardlaw at marchentertainment.com> wrote:

> So you're telling me I can't modify sys.path to remove the
> standard Python libraries?

File access is part of builtins, you can remove that.
Even if you try, there's a million sneaky ways to get it back, like the following:

[t for t in type(1).__class__.__base__.__subclasses__() if hasattr(t, "write")][0]("/path/to/file", "w").write("my payload")

> I'm not talking about a
> safe and secure sandboxed VM-- I mean literally remove the
> functionality.  It's just a zip file or a folder or
> whatever, and there's no reason you can't block access to os
> and sys by not letting the interpreter see them.

os and sys are not required for file access.

Moreover, depending on the platform, they can be built into the interpreter (not external modules).

> The other option is code introspection-- It's simple enough
> to read through text and see what's imported before it's
> even fed to the interpreter.  There's no reason that
> autoloaded scripts couldn't be inspected at file open for
> dangerous items.

Good luck with that.

Even with an import hook, it's possible to go around such a measure.

> I say leave up a message on the download page or put it in
> the installer that Python is not secure and that by running
> Blender people may be opening themselves up to attack, or
> pop up a message if being run interactively.  Not that
> I've ever heard of such attacks on users of embedded
> Python.

Sometimes it's not malicious. It could just be a poorly written script that craps files all over your HD if not run in a certain way.

Martin
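
The gap discussed above, as an added example that is not part of Martin's message or of Blender's code: an import scanner of the kind proposed in the quoted text, run over the one-liner from the message, next to a check for class-hierarchy attribute access. The module list, attribute list and function names are assumptions made for this example, the snippet is parsed and never executed, and the second check is a review heuristic for a load-time prompt, not a sandbox.

```python
import ast

# The one-liner quoted in the message above, kept as text; it is only parsed, never run.
SNIPPET = (
    '[t for t in type(1).__class__.__base__.__subclasses__() '
    'if hasattr(t, "write")][0]("/path/to/file", "w").write("my payload")'
)

# Constructed sample of the kind of script an import scanner is designed to catch.
OBVIOUS = "import os\nfrom sys import path\nos.remove(path[0])\n"

# Assumed policy lists for this example (not taken from the thread).
BLOCKED_MODULES = {"os", "sys", "subprocess", "shutil"}
# Attributes that let code walk from any object to the whole class hierarchy.
INTROSPECTION_ATTRS = {"__class__", "__base__", "__bases__", "__mro__",
                       "__subclasses__", "__globals__", "__builtins__"}


def flagged_imports(source):
    """Return the blocked top-level modules that the source imports."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            found.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            found.add(node.module.split(".")[0])
    return sorted(found & BLOCKED_MODULES)


def flagged_introspection(source):
    """Return the introspection attribute names the source accesses."""
    return sorted({node.attr for node in ast.walk(ast.parse(source))
                   if isinstance(node, ast.Attribute)
                   and node.attr in INTROSPECTION_ATTRS})


def review(source):
    """Combine both checks into one report for a script-load prompt."""
    return {"imports": flagged_imports(source),
            "introspection": flagged_introspection(source)}


if __name__ == "__main__":
    for name, src in (("obvious", OBVIOUS), ("snippet", SNIPPET)):
        print(name, review(src))
```

The import check reports nothing for the one-liner because it contains no import statement at all; only the attribute check surfaces it for review.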



