Quoting Lutz Böhne (lboehne_at_damogran.de):
> Python is fun, there are so many ways to have it do what you want ;)
>
> It might be possible to remove these functions like this:
>
> >>> del __builtins__.__dict__["open"]
> >>> open('/etc/passwd')
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
> NameError: name 'open' is not defined
> [...]
>
> But I don't know whether that'd get rid of all problems.

Doh! Good catch on the builtins. I should have looked further for that
example.

I did see today that Guido was one of the lead guys on the Google
appserver codebase. I'd be interested in hearing from him on ways they
may be preparing to offer a sanitized environment.

-j
--
Jeremy Kelley <jeremy_at_austin.ibm.com> Sr. Threat Analyst
gpg 1024D/E0DF8B2D 4BC3 B8B5 5B42 CC8E B6A9 2E85 32D3 C51C E0DF 8B2D
That's the problem with science. You've got a bunch of empiricists
trying to describe things of unimaginable wonder. -Bill Watterson
_______________________________________________
Dailydave mailing list
Dailydave_at_lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Received on Apr 11 2008
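
A check of what the deletion quoted above leaves behind, as an added example that is not part of the original thread: it removes `open` from the builtins namespace, confirms the bare name no longer resolves, then lists module attributes still bound to the same function object. It assumes Python 3, where the namespace is reached through the `builtins` module; the function name `residual_references` is hypothetical.

```python
import builtins
import io   # loaded at interpreter start anyway; imported here to be explicit
import sys


def residual_references(name="open"):
    """Delete builtins.<name> as in the quoted session, then report
    (does the bare name still resolve?, ["module.attr", ...] still holding it).
    The builtin is always restored before returning."""
    original = getattr(builtins, name)
    del builtins.__dict__[name]              # same operation as the quoted session
    try:
        # 1. Newly executed code can no longer find the bare name.
        try:
            exec(name, {"__builtins__": builtins})
            name_resolves = True
        except NameError:
            name_resolves = False

        # 2. The function object itself was not destroyed. Any module that
        #    bound it under its own attribute still holds a live reference.
        holders = []
        for mod_name, mod in list(sys.modules.items()):
            if mod is None or mod is builtins:
                continue
            namespace = getattr(mod, "__dict__", {})
            for attr, value in list(namespace.items()):
                if value is original:        # identity, not equality
                    holders.append(f"{mod_name}.{attr}")
    finally:
        setattr(builtins, name, original)    # undo the deletion
    return name_resolves, sorted(holders)


if __name__ == "__main__":
    resolves, holders = residual_references("open")
    print("bare name still resolves:", resolves)
    print("other references to the same object:")
    for holder in holders:
        print("  ", holder)
```

Deleting the entry removes a name, not the capability, so a sanitized environment has to be judged by which objects remain reachable rather than by which names are missing.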