
Re: [pygame] Python bots in Galcon (or your game!) safe_eval



Phil Hassey wrote:
> Hey,
>
> I've updated the script with some more tests and other goodies.

The following program executes code outside safe_eval.


from safe import safe_eval

TestCode = """
def delmethod(self):
   print 'I am out.'
foo=type('Foo', (object,), {'_' + '_del_' + '_':delmethod})()
foo.error
"""

try:
   safe_eval(TestCode)
finally:
   print 'Left safe_eval.'


I can't find any way to exploit this loophole though. But maybe the __del__ method could be used to exhaust memory in an infinitely recursive way.


--
Lenard Lindstrom
<len-l@xxxxxxxxx>
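Added example, not part of the original post and not code from safe.py: the test above spells the `__del__` key as a run-time string concatenation, so this Python 3 sketch contrasts a static scan for dunder names with a check made when the class namespace is actually handed to `type()`. It assumes the filter being bypassed is a static name scan, which the post does not state; `static_dunder_names`, `guarded_type` and `run_guarded` are hypothetical names, and `SAMPLE` is constructed from the post's class-creation line.

```python
import ast

# Constructed sample: the class-creation line from the post; delmethod is supplied by the harness.
SAMPLE = "foo = type('Foo', (object,), {'_' + '_del_' + '_': delmethod})()"

def is_dunder(name):
    return (isinstance(name, str) and len(name) > 4
            and name.startswith("__") and name.endswith("__"))

def static_dunder_names(source):
    """Dunder names visible to a static scan of identifiers, attributes and literals."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Name):
            candidate = node.id
        elif isinstance(node, ast.Attribute):
            candidate = node.attr
        elif isinstance(node, ast.Constant):
            candidate = node.value
        else:
            continue
        if is_dunder(candidate):
            found.add(candidate)
    return found

def guarded_type(*args):
    """Stand-in for type() that inspects the class namespace once its keys are computed."""
    if len(args) == 3:
        blocked = sorted(k for k in args[2] if is_dunder(k))
        if blocked:
            raise ValueError("dunder keys in class namespace: " + ", ".join(blocked))
    return type(*args)

def run_guarded(source):
    """Execute source with guarded_type in place of type; return the rejection message or None."""
    # Assumption: a minimal environment for this demonstration only, not safe_eval's own.
    env = {"__builtins__": {}, "type": guarded_type, "object": object,
           "delmethod": lambda self: None}
    try:
        exec(source, env)
    except ValueError as exc:
        return str(exc)
    return None

if __name__ == "__main__":
    print("static scan sees:", static_dunder_names(SAMPLE))
    print("runtime guard says:", run_guarded(SAMPLE))
```

The static scan reports nothing for the sample because no single token is a dunder name, while the run-time guard sees the finished key and refuses to build the class.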