Creating instances of untrusted new-style classes

[Devan L]

Is there any safe way to create an instance of an untrusted class
without consulting the class in any way? With old-style classes, I can
recreate an instance from another one without worrying about malicious
code (ignoring, for now, malicious code involving attribute access) as
shown below.
.... def __init__(self, who, knows, what, args):
.... self.mystery_args = (who, knows, what, args)
.... print "Your code didn't expect the Spanish inquisition!"
....
I'm not sure how to do the same for new-style classes, if it's at all
possible to do from within Python. Is there any way to accomplish this,
or is there no practical way to do so?

Thanks,
- Devan

 

[Ben Finney]

Is there any safe way to create an instance of an untrusted class

Why are you instantiating classes you don't trust?

without consulting the class in any way?

If you don't "consult the class", how can the instance be created
properly?

 

[Devan L]

Why are you instantiating classes you don't trust?

If you don't "consult the class", how can the instance be created
properly?

When my program runs (CGI), the following happens:
* User enters source, which is executed in a restricted environment,
which unserializes a previously serialized environment if there is one.

* The restricted environment is serialized, including any instances
they may have instantiated.

So when I unserialize their instances, I have to recreate them, but
without calling any of their code (I can't run the unserializing code
in a restricted environment). Instances of old-style classes can be
created without touching the actual old-style class code, but I'm not
sure how, if it's possible, to do the same with new-style classes


- Devan

 

[Michael Spencer]

Is there any safe way to create an instance of an untrusted class
without consulting the class in any way? With old-style classes, I can
recreate an instance from another one without worrying about malicious
code (ignoring, for now, malicious code involving attribute access) as
shown below.

... def __init__(self, who, knows, what, args):
... self.mystery_args = (who, knows, what, args)
... print "Your code didn't expect the Spanish inquisition!"
...
<__main__.Foo instance at 0x008B5FD0>

I'm not sure how to do the same for new-style classes, if it's at all
possible to do from within Python. Is there any way to accomplish this,
or is there no practical way to do so?

Thanks,
- Devan

.... def __init__(self, *args):
.... self.args = args
.... print "Calling __init__"
....
HTH

Michael

 

[Devan L]

Is there any safe way to create an instance of an untrusted class
without consulting the class in any way? With old-style classes, I can
recreate an instance from another one without worrying about malicious
code (ignoring, for now, malicious code involving attribute access) as
shown below.
[snip my example]

I'm not sure how to do the same for new-style classes, if it's at all
possible to do from within Python. Is there any way to accomplish this,
or is there no practical way to do so?

Thanks,
- Devan

class A(object):

... def __init__(self, *args):
... self.args = args
... print "Calling __init__"
...
HTH

Michael

Thanks, now I just have to figure out all the meddling small details I
put off before!

-Devan

 

[greg]

Note that you'll need to be a bit cleverer if the
class might be derived from some other built-in
type:
.... pass
....Traceback (most recent call last):
[]

I'm not sure what is the easiest way to figure out
what base class to use, though. One way would be
to work your way backwards along the __mro__ until
one of them succeeds, but there's probably a more
direct way.