Dailydave mailing list archives
Re: Google Apps Engine
From: "Lutz Böhne" <lboehne () damogran de>
Date: Fri, 11 Apr 2008 16:33:14 +0200
Even those could easily be sanitized by just some fun with function pointers.

>>> open=lambda *x: "no"
>>> open('/etc/passwd')
'no'

Unless there are other ways to find these functions:

>>> __builtins__.__dict__["open"]( '/etc/passwd')
<open file '/etc/passwd', mode 'r' at 0xb7dac7b8>

or even:

>>> open=lambda *x: "no"
>>> open('/etc/passwd')
'no'
>>> del open
>>> open('/etc/passwd')
<open file '/etc/passwd', mode 'r' at 0xb7db44a0>

Python is fun, there are so many ways to have it do what you want ;)

It might be possible to remove these functions like this:

>>> del __builtins__.__dict__["open"]
>>> open('/etc/passwd')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
NameError: name 'open' is not defined
[...]

But I don't know whether that'd get rid of all problems.

Best regards,
Lutz
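Added example, not part of the message above: a Python 3 sketch of the name lookup behind these sessions (module globals first, then the builtins namespace), run with exec in constructed namespaces so the real interpreter is left untouched. The temporary file stands in for /etc/passwd, the stripped builtins copy stands in for the del on __builtins__.__dict__, and the helper names run and demo are hypothetical.

```python
import builtins
import os
import tempfile


def run(snippet, namespace, path):
    """Execute snippet in namespace; return its `result` or the NameError text."""
    namespace["path"] = path
    try:
        exec(snippet, namespace)
    except NameError as exc:
        return "NameError: %s" % exc
    return namespace.get("result")


def demo():
    # Constructed sample file standing in for a sensitive path.
    fd, path = tempfile.mkstemp()
    os.write(fd, b"secret\n")
    os.close(fd)
    read = "with open(path) as f:\n    result = f.read()"
    out = {}
    try:
        # 1. A global named open only shadows the builtin of the same name.
        ns = {"__builtins__": builtins, "open": lambda *a: "no"}
        out["shadowed"] = run("result = open(path)", ns, path)
        # 2. Deleting that global uncovers the builtin again.
        out["after_del"] = run("del open\n" + read, ns, path)
        # 3. A lookup through the builtins namespace never sees the shadow.
        ns = {"__builtins__": builtins, "open": lambda *a: "no"}
        out["via_builtins"] = run(
            "with __builtins__.__dict__['open'](path) as f:\n"
            "    result = f.read()", ns, path)
        # 4. A builtins mapping without open: the name no longer resolves
        #    for code run in this namespace.
        stripped = {k: v for k, v in vars(builtins).items() if k != "open"}
        out["stripped"] = run("result = open(path)",
                              {"__builtins__": stripped}, path)
    finally:
        os.unlink(path)
    return out


if __name__ == "__main__":
    for case, value in demo().items():
        print(case, "->", repr(value))
```

Case 4 only shows that the name stops resolving in that one namespace; like the message, it makes no claim that this closes every route to the function.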