Re: [pygame] Python bots in Galcon (or your game!) safe_eval

[Lenard Lindstrom <len-l@xxxxxxxxx>]

Greg Ewing wrote:
> Lenard Lindstrom wrote:
>
> > I can't find any way to exploit this loophole though. But maybe the 
> > __del__ method could be used to exhaust memory in an infinitely 
> > recursive way.
>
> You can do that from inside safe_eval anyway, so I don't
> think that's an additional problem.

My thinking is that simply exhausting memory in safe_eval would trigger 
a memory exception that would propagate up and give Python a chance to 
terminate somewhat normally. But a memory error triggered in a __del__ 
method would not leave that method. So the interpreter would continue. 
If the __del__ method exhausts memory by creating more instances of the 
malicious class, then when these instances are garbage collected they 
will also attempt to exhaust memory, and so on. This is the infinite 
recursion I mentioned. I expect the interpreter would freeze. But I 
never tried it.

--
Lenard Lindstrom
<len-l@xxxxxxxxx>