#python - Sat 5 May 2007 between 23:54 and 00:01

NY Lost Funds



peakerPenguinOfDoom: need to find something to use in eval so an 'instance' is returned
kbrooksand then you can replace __main__ with whatever function you want along with where it is
PenguinOfDoomPeaker: Well, no. Consider normal operation of a hypothetical pickle-using application.
It passes some sort of a data structure.
The goal is to modify that data structure so that, upon unpickling, that data structure is unserialized the same way, but also some code is executed.
well, modify the pickle, not the data structure
peakerI found a way that I don't even need to edit the string after pickling :-)
PenguinOfDoomOh?
peakerhttp://deadbeefbabe.org/paste/4622
override __module__ and __name__ instead :-)
PenguinOfDoomrofles
Good old Python.
peaker;)
but you still have a problem that the unpickle is not an instance. need to find something in stdlib that is an instance and return that instead
PenguinOfDoomNot just something.
koshPenguinOfDoom: if I have to maintain your apps I am going to discuss things with you and I am going to use a chainsaw during the discussion :)
PenguinOfDoomThe specific data structure the application was trying to pass in the first place.
peakerPenguinOfDoom: hehe, yeah :-)
PenguinOfDoomkosh: I'm a maintenance programmer for a living. I know the value of not writing fucked up code.
koshok
that pickle thing is evil though
peakerPenguinOfDoom: then eval("__import__('os').system('...') and something or something")
koshdebugging that would SUCK
PenguinOfDoomPeaker: ooohhhhh yes!@#
har
peakerPenguinOfDoom: though you can't really have the eval's internal string result to unpickling of what you wanted to pass
PenguinOfDoom: cause "something" is a pickle in itself
PenguinOfDoomeval("<evilhack code> or pickle.loads('<original_pickle>')")
kbrookslol
peakerPenguinOfDoom: genius :-)
kbrooksevil code
for sure
peakerPenguinOfDoom: its still a problem though!
PenguinOfDoomWhat is?
peakerPenguinOfDoom: Because pickles are allowed to cross-refer to objects, sharing a pickle state
guyzmomcmillen - I'm not sure how it could help... haven't used metaclasses since a *long* while
ok, refreshing memory :)
Dtu3ZOhtlnmetaclasses *shudder*
werneckguyzmo: maybe a metaclass is what you want, but if you just need to create a subclass on runtime, just use the basemetaclass, ... subclass = type(ClassName, (BaseClass,), {attributes...})
if you're not sure metaclasses will be the solution for your problem, then they probably won't, and you probably should not try using them :)

Page: 2 9 16 23 30 37 44 51 58 65 

IrcArchive

NY Lost Funds