| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by phleet 4819 days ago

Ah, interesting.

File system access isn't blocked completely:

__import__("os").listdir("/evaluate")

open("/evaluate/test.py").readlines()

2 comments

emillon 4819 days ago

Execv'ing processes is OK as long as you don't fork:

    __import__("os").execv("/usr/bin/uname", ["uname", "-a"])
    Linux ip-10-196-3-111 2.6.32-amazon-xen-r3 #1 SMP Mon Jan 16 21:03:16 PST 2012 i686 GNU/Linux

As for the actual files, there are a few clues that a chroot is created for every request : /proc is not mounted, /etc is minimal (root + 1 user in passwd) and "ls -id /" returns a new inode number every time.

link

tdinkar 4818 days ago

Yeah, we are using chroot (along with other things) to sandbox things on a per request basis.

- Tejas from Team PythonMonk (I built the sandboxing stuff)

link

SEJeff 4819 days ago

__import__("os").execv("/usr/bin/env", ["env"])

Gives you a few clues as well

link

stringfellow 4818 days ago

adam.py... :) If only I knew more about bytecode...

  import inspect
  import pprint
  pp = pprint.PrettyPrinter(depth=6)
  f = inspect.currentframe()
  c = 0
  while f is not None:
      c += 1
      if c == 20:
          print f.f_code
          pp.pprint(dict(inspect.getmembers(f.f_code)))
      f = f.f_back

link