469,602 Members | 1,795 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,602 developers. It's quick & easy.

Trusted python

rmm
Here's a first attempt at trusted python. I would be grateful if any
python gurus could point out the, no doubt obvious, flaws.
I've stopped fileobject working with patches to fileobject and
frameobject. All child frames of the first 'trusted' frame are trusted
(checked using inspect.getouterframes(inspect.currentframe()). Trusted
is a one-way switch.

Is there anything I'm missing about the python frame structure?
Is there any way of circumventing __getattribute__/__setattr__ ?
Is there any way of getting to builtins once the imported __builtin__
methods are replaced?

Regards

Ronnie Mackay
------------------Use example------------------------
import trusted
import inspect

l_trusted=trusted.Trusted(inspect.currentframe(),

['eval','reload','compile','input','execfile'],
[<list allowable modules>])

<...Attacks here...>

--------------- trusted.py ---------------
import __builtin__
class TrustedException(Exception): pass
class TrustedImportException(Exception): pass
class Trusted(object):

def __init__(self, in_main_frame, in_exclude_builtins, in_modules):
in_main_frame.trusted() # **NOTE C PATCH. REMOVE THIS TO RUN
UNPATCHED
object.__setattr__(self, '_m', in_modules)
object.__setattr__(self, '_import', __builtin__.__import__)
for l_builtin in
in_exclude_builtins:#__main__.__builtins__.__dict_ _.keys():
__builtin__.__dict__[l_builtin]=object.__getattribute__(self,
'error')
__builtin__.__import__=object.__getattribute__(sel f,
'trusted_import')
def error(self, *args):
raise TrustedException

def trusted_import(self, in_name, in_globals=None, in_locals=None,
in_as=None):
l_globals=in_globals or globals()
l_locals=in_locals or locals()
l_as=in_as or []
if in_name in object.__getattribute__(self, '_m'):
return object.__getattribute__(self, '_import')(in_name,
l_globals, l_locals, l_as)
else:
raise TrustedImportException(in_name)

def __setattr__(self, name, value):
raise TrustedException

def __getattribute__(self, name):
if name != 'trusted_import':
raise TrustedException
return object.__getattribute__(self, name)
---------------- attempts to open a file -------------------
NOTE: These can't be reproduced without patching python

Test :open('/dev/null') in the main module
Result :file() constructor not accessible in trusted mode
(exceptions.IOError)

Test : within an imported module, open('/dev/null')
Result :file() constructor not accessible in trusted mode
(exceptions.IOError)

Test :exec "open('/dev/null')"
Result :file() constructor not accessible in trusted mode
(exceptions.IOError)

Test :get file from base types
[(1).__class__.__bases__[0].__subclasses__()[-4]('/dev/null')]
Result :file() constructor not accessible in trusted mode
(exceptions.IOError)

Jul 19 '05 #1
0 958

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by David N. | last post: by
4 posts views Thread by Robert McClenon | last post: by
7 posts views Thread by Ray Valenti | last post: by
reply views Thread by ClŠudia Morgado | last post: by
1 post views Thread by petergjansen | last post: by
reply views Thread by suresh191 | last post: by
4 posts views Thread by guiromero | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.