You can usually get access to anything you need, even when __builtins__
has been removed. It's just a matter of digging far enough. For example:
Python 2.7.3 (default, Apr 10 2012, 23:31:26) [MSC v.1500 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> __builtins__ = 0
>>> open
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
NameError: name 'open' is not defined
>>> dir
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
NameError: name 'dir' is not defined
>>> int
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
NameError: name 'int' is not defined
>>> float
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
NameError: name 'float' is not defined
>>>
>>> __builtins__ = [t for t in ().__class__.__bases__[0].__subclasses__() if 'warning' in t.__name__][0]()._module.__builtins__
>>>
>>> open
<built-in function open>
>>> int
<type 'int'>
>>> float
<type 'float'>
>>>
For an explanation of what the heck just happened here, read Eval really is dangerous, where similar techniques are used to demonstrate that you cannot safely execute untrusted Python code.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…