
Re: [pygame] Python bots in Galcon (or your game!) safe_eval

P.S. - if anyone has any theoretical ideas on how they could break safe.py, but can't be bothered to try to do it themselves, please post them.  I'll give it a shot.

One theoretical one I have is doing something like:
d = {}
v = some_bad_value_that_when_printed_executes_something ?!
v2 = d[v]

because when the exception is raised, v will be printed outside of the safe_eval context.


Lenard Lindstrom <len-l@xxxxxxxxx> wrote:
Phil Hassey wrote:
> Hey,
> I've updated the script with some more tests and other goodies.
The following program executes code outside safe_eval.

from safe import safe_eval

TestCode = """
def delmethod(self):
    print 'I am out.'
foo=type('Foo', (object,), {'_' + '_del_' + '_':delmethod})()
"""

# Assumed call: safe_eval is given the source string.
safe_eval(TestCode)
print 'Left safe_eval.'

I can't find any way to exploit this loophole though. But maybe the
__del__ method could be used to exhaust memory in an infinitely
recursive way.

Lenard Lindstrom
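
Added example, not from the thread and not Phil Hassey's safe.py (Python 3): it reproduces the lifetime problem behind the quoted `__del__` snippet using a stand-in `Guard` flag, and shows one mitigation, releasing and collecting the guest namespace before the guard is dropped. `Guard`, `record`, `run_naive`, `run_hardened` and `where_finalizers_ran` are hypothetical names; the hardened runner also keeps only an exception's class name, so no guest value is formatted outside the guard (the case raised at the top of this message).

```python
import gc

class Guard:
    """Stand-in for 'sandbox restrictions are active' (hypothetical, not safe.py)."""
    active = False

EVENTS = []  # where each guest finalizer ran

def record(_self):
    # Host-side probe handed to the sample code.
    EVENTS.append("inside" if Guard.active else "outside")

# Constructed sample, modelled on the snippet quoted above.
SAMPLE = """
def delmethod(self):
    record(self)
foo = type('Foo', (object,), {'_' + '_del_' + '_': delmethod})()
"""

def run_naive(source):
    ns = {"record": record}
    Guard.active = True
    try:
        exec(source, ns)
    finally:
        Guard.active = False  # ns and foo are still alive at this point

def run_hardened(source):
    ns = {"record": record}
    error = None
    Guard.active = True
    try:
        try:
            exec(source, ns)
        except Exception as exc:
            # Class name only: no str()/repr() of guest objects, no traceback kept.
            error = type(exc).__name__
        ns = None
        gc.collect()  # guest finalizers run here, guard still on
    finally:
        Guard.active = False
    return error

def where_finalizers_ran(runner, source=SAMPLE):
    del EVENTS[:]
    runner(source)
    gc.collect()  # stands for a later, arbitrary collection in the host
    return list(EVENTS)
```

The timing relies on CPython's reference counting and cycle collector; objects the guest manages to store in host-owned structures still outlive the guard.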
