Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Import order affects whether code is sandboxed. #16

Open
nedbat opened this issue Sep 10, 2013 · 0 comments
Open

Import order affects whether code is sandboxed. #16

nedbat opened this issue Sep 10, 2013 · 0 comments

Comments

@nedbat
Copy link
Contributor

nedbat commented Sep 10, 2013

This code will run outside of a sandbox:

  import codejail.jail_code
  import codejail.safe_exec
  codejail.jail_code.configure('python', '/home/pmitros/jail/jailbox/bin/python')
  codejail.safe_exec.safe_exec("import os\nos.system('ls /etc')", {})

This code will run in a sandbox:

  import codejail.jail_code
  codejail.jail_code.configure('python', '/home/pmitros/jail/jailbox/bin/python')
  import codejail.safe_exec
  codejail.safe_exec.safe_exec("import os\nos.system('ls /etc')", {})

The only difference is the order of the calls.

The code which specifically breaks is:

UNSAFE = ALWAYS_BE_UNSAFE or not jail_code.is_configured("python")

This runs on import, and if UNSAFE is set, it overrides safe_exec with an unsafe version. The code attempts to log a warning, but fails unless loggers are configured the edX way (simply stating 'No handlers could be found for logger "codejail.safe_exec"').
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nedbat