Lets say you want to limit access to arbitrary code execution from a regular python runtime. What do you need to limit? This is a list of examples on how that is a futile mission (unless you REALLY want to limit the power of python).
- 01_using_os.py: The simplest thing, just do
os.spawn
- 02_using_subprocess.py: The
os
module was deprecated a loooong time ago. Why don't we use a modern library? - 03_using_ctypes.py: It's obvious to any well meaning programmer that
os
andsubprocess
are hairy modules. But do you remember thatctypes
exists? - 04_using_mmap.py: Woah! We can create executable memory FROM INSIDE python? That sounds incredible cursed.
- 05_using_open.py: ... just
open
? How? What do you mean with "/proc/self/mem bypasses memory protections"?
- The mmap trick is borrowed from the gobstones langugage. Check their really nice and simplistic JIT compiler!
- I learned the
open
trick from this cursed rust issue.