[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [pygame] Python bots in Galcon (or your game!) safe_eval
Phil Hassey wrote:
Hey,
I've updated the script with some more tests and other goodies.
The following program executes code outside safe_eval.
from safe import safe_eval
TestCode = """
def delmethod(self):
print 'I am out.'
foo=type('Foo', (object,), {'_' + '_del_' + '_':delmethod})()
foo.error
"""
try:
safe_eval(TestCode)
finally:
print 'Left safe_eval.'
I can't find any way to exploit this loophole though. But maybe the
__del__ method could be used to exhaust memory in an infinitely
recursive way.
--
Lenard Lindstrom
<len-l@xxxxxxxxx>