Home/ Questions/Q 6118387
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T15:25:49+00:00

I’m looking at several cases where it would be far, far, far easier to

  • 0

I’m looking at several cases where it would be far, far, far easier to accept nearly-raw code. So,

  1. What’s the worst you can do with an expression if you can’t lambda, and how?
  2. What’s the worst you can do with executed code if you can’t use import and how?
    (can’t use X == string is scanned for X)

Also, B is unecessary if someone can think of such an expr that given d = {key:value,…}:
expr.format(key) == d[key]

Without changing the way the format looks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The worst you can do with an expression is on the order of

    __import__('os').system('rm -rf /')

    if the server process is running as root. Otherwise, you can fill up memory and crash the process with

    2**2**1024

    or bring the server to a grinding halt by executing a shell fork bomb:

    __import__('os').system(':(){ :|:& };:')

    or execute a temporary (but destructive enough) fork bomb in Python itself:

    [__import__('os').fork() for i in xrange(2**64) for x in range(i)]

    Scanning for __import__ won’t help, since there’s an infinite number of ways to get to it, including

    eval(''.join(['__', 'im', 'po', 'rt', '__']))
getattr(__builtins__, '__imp' + 'ort__')
getattr(globals()['__built' 'ins__'], '__imp' + 'ort__')

    Note that the eval and exec functions can also be used to create any of the above in an indirect way. If you want safe expression evaluation on a server, use ast.literal_eval.

    • 0