[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [pygame] Python bots in Galcon (or your game!) safe_eval

Greg Ewing wrote:
Lenard Lindstrom wrote:

I can't find any way to exploit this loophole though. But maybe the __del__ method could be used to exhaust memory in an infinitely recursive way.

You can do that from inside safe_eval anyway, so I don't think that's an additional problem.

My thinking is that simply exhausting memory in safe_eval would trigger a memory exception that would propagate up and give Python a chance to terminate somewhat normally. But a memory error triggered in a __del__ method would not leave that method. So the interpreter would continue. If the __del__ method exhausts memory by creating more instances of the malicious class, then when these instances are garbage collected they will also attempt to exhaust memory, and so on. This is the infinite recursion I mentioned. I expect the interpreter would freeze. But I never tried it.

Lenard Lindstrom