Dailydave mailing list archives
Re: Google Apps Engine
From: Jeremy Kelley <jeremy () austin ibm com>
Date: Fri, 11 Apr 2008 12:06:13 -0500
Quoting Lutz B?hne (lboehne () damogran de):
Python is fun, there are so many ways to have it do what you want ;) It might be possible to remove these functions like this: >>> del __builtins__.__dict__["open"] >>> open('/etc/passwd') Traceback (most recent call last): File "<stdin>", line 1, in <module> NameError: name 'open' is not defined [...] But i don't know whether that'd get rid of all problems.
doh! Good catch on the builtins. I should have looked further for that example. I did see today that Guido was one of the lead guys on the google appserver codebase. I'd be interested in hearing from him on ways they may be preparing to offer a sanitized environment. -j -- Jeremy Kelley <jeremy () austin ibm com> Sr. Threat Analyst gpg 1024D/E0DF8B2D 4BC3 B8B5 5B42 CC8E B6A9 2E85 32D3 C51C E0DF 8B2D That's the problem with science. You've got a bunch of empiricists trying to describe things of unimaginable wonder. -Bill Watterson _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Google Apps Engine Dave Aitel (Apr 08)
- Re: Google Apps Engine jf (Apr 08)
- Re: Google Apps Engine Jeremy Kelley (Apr 08)
- Re: Google Apps Engine jf (Apr 08)
- Re: Google Apps Engine Lutz Böhne (Apr 11)
- Re: Google Apps Engine Jeremy Kelley (Apr 11)
- Re: Google Apps Engine Aidan Thornton (Apr 12)
- Re: Google Apps Engine Thomas Ptacek (Apr 13)