Re: [pygame] Python bots in Galcon (or your game!) safe_eval
Greg Ewing wrote:
> Lenard Lindstrom wrote:
>> I can't find any way to exploit this loophole though. But maybe the
>> __del__ method could be used to exhaust memory in an infinitely
>
> You can do that from inside safe_eval anyway, so I don't
> think that's an additional problem.

My thinking is that simply exhausting memory in safe_eval would trigger
a memory exception that would propagate up and give Python a chance to
terminate somewhat normally. But a memory error triggered in a __del__
method would not leave that method. So the interpreter would continue.
If the __del__ method exhausts memory by creating more instances of the
malicious class, then when these instances are garbage collected they
will also attempt to exhaust memory, and so on. This is the infinite
recursion I mentioned. I expect the interpreter would freeze. But I
never tried it.
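
An added example, not part of the original thread: in CPython, an exception raised inside a `__del__` method is handed to `sys.unraisablehook` (Python 3.8+) and is not propagated to the code that dropped the object, so a `try`/`except` around evaluated code never sees it. The sketch below shows that with an artificially raised `MemoryError` (no memory is consumed) and adds a heuristic pre-check for sandboxed source. `finalizer_error_reaches_caller` and `defines_finalizer` are hypothetical names, and the assumption is that the sandbox can inspect the source text before evaluating it.

```python
import ast
import gc
import sys


def finalizer_error_reaches_caller():
    """Return (caught_by_caller, unraisable_types) for an error raised in __del__."""
    seen = []
    old_hook = sys.unraisablehook
    # Record what the interpreter reports as "unraisable" instead of printing it.
    sys.unraisablehook = lambda info: seen.append(info.exc_type)
    caught = False
    try:
        class Probe:
            def __del__(self):
                # Raised artificially; nothing is allocated here.
                raise MemoryError("raised inside __del__")
        try:
            p = Probe()
            del p         # CPython runs __del__ when the refcount hits zero
            gc.collect()  # for implementations without reference counting
        except MemoryError:
            caught = True  # not reached: the error never leaves __del__
    finally:
        sys.unraisablehook = old_hook
    return caught, seen


def defines_finalizer(source):
    """Heuristic: True if source mentions __del__ as a def, name, attribute or string."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            if node.name == "__del__":
                return True
        elif isinstance(node, ast.Attribute) and node.attr == "__del__":
            return True
        elif isinstance(node, ast.Name) and node.id == "__del__":
            return True
        elif isinstance(node, ast.Constant) and node.value == "__del__":
            # Catches setattr(cls, "__del__", f) and type(..., {"__del__": f})
            return True
    return False
```

The static check only catches literal mentions of `__del__`; a name assembled at run time would pass it, so it complements limits enforced outside the interpreter and does not replace them.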