467,869 Members | 1,409 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 467,869 developers. It's quick & easy.

Replacing open builtin

rmm
If I replace the open builtin eg

import main
__main__.__builtins__.open=None

Is there any way, from here on, to access the original open function??

Extending this slightly, lets say I put a reference to the original
open function inside a class called Isolate and protect this reference
using __getattribute__ and __setattr__. Is the original function now
isolated and only able to be referenced within Isolate.

In summary, are there any references to builtin functions others than
through __builtins__ and is __getattribute__, __setattr__ secure

Regards

RMM

Jul 19 '05 #1
  • viewed: 1707
Share:
11 Replies
Can anyone recommend a Python interactive shell for use in presentations?

Ideal characteristics (priority order):
o configurable font size
o full screen mode
o readline support
o syntax coloring

I've tried ipython but, since it runs inside a console window, and the
console window has a limited number of selectable fonts, it doesn't
work terribly well.

I've seen presentations using some sort of PyGame implemented shell.
Does anyone have an information on that?

Cheers,
Brian
Jul 19 '05 #2
rmm
Sorry, should maybe have used __import__ as an example.
Let's say I grab import, store the reference within the Isolate class
and then redirect the builtin import to a function in the Isolate class
which only allows certain modules to be imported -eg not sys. Would
this be secure?

Jul 19 '05 #3
>>>>> "Brian" == Brian Quinlan <br***@sweetapp.com> writes:

Brian> Can anyone recommend a Python interactive shell for use in
Brian> presentations?

Brian> I've tried ipython but, since it runs inside a console
Brian> window, and the console window has a limited number of
Brian> selectable fonts, it doesn't work terribly well.

Hmm, do you consider the fonts in a console window unreadable? I've
given a few presentations using ipython on win32 and it worked alright
- but I suppose the projector quality is a factor here...

--
Ville Vainio http://tinyurl.com/2prnb
Jul 19 '05 #4
rmm
I had a quick look at the python source code and fileobject.c is one of
the core classes which, I would imagine, is why a reference can be
obtained. The other classes (method, dictionaries etc) don't look so
much of a liability. I'll maybe try disabling the fopen calls in
fileobject and see if it breaks anything (I've no need to open/close
files using the standard libraries).

Are there any other holes you can think of in the following scenario-
I disable all builtins except import which I protect in my 'Isolate'
class, I then only allow import to import a single module name.

Thanks for the speedy and informative replies.

RMM

Jul 19 '05 #5
rm*@iname.com wrote:
I had a quick look at the python source code and fileobject.c is one of
the core classes which, I would imagine, is why a reference can be
obtained. The other classes (method, dictionaries etc) don't look so
much of a liability. I'll maybe try disabling the fopen calls in
fileobject and see if it breaks anything (I've no need to open/close
files using the standard libraries).

Are there any other holes you can think of in the following scenario-
I disable all builtins except import which I protect in my 'Isolate'
class, I then only allow import to import a single module name.


You *really* ought to be checking the list archives for the *many* past
discussions of this, and the many ways in which it is nowhere near as
easy as you seem to think it might be, as well as for the variety of
partially completed efforts -- some of which closely resemble your
approach -- which have been abandoned after it was demonstrated how the
could not work.

On the other hand, after reading all that, you just might be the one to
come up with the solution that combines just enough of each approach to
solve the problem once and for all, and the community would be very
grateful to you.

But I doubt you'll solve this by asking Jp to review (and, inevitably,
shoot down) each idea you come up with. Give him a break until you've
read some of the archived material on this. :-)

-Peter
Jul 19 '05 #6
Ville Vainio wrote:
Hmm, do you consider the fonts in a console window unreadable?
In fullscreen mode, yes (you get no choice of font size in Windows XP).
In Windowed mode you still only get a limited font selection (only two
fonts and only a few type sizes [most of which are small]).
I've
given a few presentations using ipython on win32 and it worked alright
- but I suppose the projector quality is a factor here...


I'll get by but I was hoping for something better.

Cheers,
Brian
Jul 19 '05 #7
---------- Forwarded message ----------
From: James Carroll <mr*****@gmail.com>
Date: May 11, 2005 10:43 AM
Subject: Re: Interactive shell for demonstration purposes
To: Brian Quinlan <br***@sweetapp.com>
I would personally try looking at the PyCrust.py that's included with
wxPython. It has a standard shell, and you can use the Ctrl-] hotkey
to increase the font size. You can make it big and readable... (but
not bold, which would be nice.) Then, hide your taskbars (or system
menus) and maximize...

-Jim
On 5/11/05, Brian Quinlan <br***@sweetapp.com> wrote:
Ville Vainio wrote:
Hmm, do you consider the fonts in a console window unreadable?


In fullscreen mode, yes (you get no choice of font size in Windows XP).
In Windowed mode you still only get a limited font selection (only two
fonts and only a few type sizes [most of which are small]).
I've
given a few presentations using ipython on win32 and it worked alright
- but I suppose the projector quality is a factor here...


I'll get by but I was hoping for something better.

Cheers,
Brian
--
http://mail.python.org/mailman/listinfo/python-list

Jul 19 '05 #8
rmm
Sorry, didn't mean to pester Jp

I have checked the archives, Rexec copies __builtins__, causing the del
__builtins__ issue. I'm modifying the lowest level__builtins__.
I am also using __getAttribute__ and __setAttr__, I could find no
mention of security holes on the lists.

Let me re-state the question:
1. Once I've set all builtins except Import to None. Is there any way
of re-binding these built-ins if import is restricted to a single
module?
2. Are classed protected using __getAttribute__ and __setAttr__ secure

If these questions have been asked already, could you point me to
where?

-Ronnie

Jul 19 '05 #9
On Wed, 11 May 2005 16:21:19 +0200, Brian Quinlan <br***@sweetapp.com> wrote:
Ville Vainio wrote:
Hmm, do you consider the fonts in a console window unreadable?


In fullscreen mode, yes (you get no choice of font size in Windows XP).
In Windowed mode you still only get a limited font selection (only two
fonts and only a few type sizes [most of which are small]).
I've
given a few presentations using ipython on win32 and it worked alright
- but I suppose the projector quality is a factor here...


I'll get by but I was hoping for something better.

If you make your console 96 wide and set the font to Lucida Console Bold 24point,
it will probably expand to near full screen on 1024x768. You can set the scroll buffer
to a couple hundred lines and adjust console widow height to suit. Use the properties
from the system icon, or get there by Alt-Space P etc.
You can change the fg/bg colors also, though not a big selection either. I'm not a fan of idle
for my system (NT4) though it looks nice enough and has more fonts to choose from.

Regards,
Bengt Richter
Jul 19 '05 #10
Bengt Richter wrote:
If you make your console 96 wide and set the font to Lucida Console Bold 24point,
it will probably expand to near full screen on 1024x768. You can set the scroll buffer
to a couple hundred lines and adjust console widow height to suit. Use the properties
from the system icon, or get there by Alt-Space P etc.


That's not bad. There are two caveats:
1. you have to set the width to 72 characters (instead of 80) at
1024x768 with 24 point fonts
2. you can't run in full-screen mode

Cheers,
Brian
Jul 19 '05 #11
On Thu, 12 May 2005 17:41:29 +0200, Brian Quinlan <br***@sweetapp.com> wrote:
Bengt Richter wrote:
If you make your console 96 wide and set the font to Lucida Console Bold 24point,
it will probably expand to near full screen on 1024x768. You can set the scroll buffer
to a couple hundred lines and adjust console widow height to suit. Use the properties
from the system icon, or get there by Alt-Space P etc.
That's not bad. There are two caveats:
1. you have to set the width to 72 characters (instead of 80) at
1024x768 with 24 point fonts

Well, you don't _have_ to ;-) E.g., I have my screen buffer size set to 96 wide and 200 high,
so when I select 24-pt bold Lucida Console, I don't see more than about 68 characters within
the frame, but I can scroll horizontally to see to the 96 limit. If I output more than 96 wide,
it wraps to the next line. You may want to set wrap/buffer width at 72, but that's a choice, not
a have-to, at least on my system ;-)
2. you can't run in full-screen mode

Well, my system permits it, sort of, but it does force some layout and ugly raster font that reminds
of a black BSOD and is probably controlled by some registry stuff that I am too lazy to pursue.
I had to kill it (the console window) to get back to a normal console window, but that is probably
because I don't know the secret incantation off hand ;-/

Anyway, HIIH (happy if it helped ;-)

Regards,
Bengt Richter
Jul 19 '05 #12

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by Stephen Ferg | last post: by
7 posts views Thread by Skybuck Flying | last post: by
6 posts views Thread by Anders K. Olsen | last post: by
6 posts views Thread by saif.shakeel | last post: by
1 post views Thread by Nishkar Grover | last post: by
reply views Thread by jack112 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.