timmy <"timothy at open-networks.net"> wrote:

This sub-thread is starting to become a flame war, isn't it?
Calm down, both of you... No need to fight when only some ideas for a technical question are requested.

> as posted before, linux kernel limit.
>
> then you and your users can go as crazy as you want and you won't take
> out your system.

The problem with linux kernel limits is that they won't work really well on MacOSX and Windows... OTOH the idea is the right one, but the effect can be achieved inside of Python.

Since Python byte-compiles the code and the interpreter evaluates each byte code token in one evaluation step, the interpreter could be extended for such use cases to count and limit the number of evaluation steps allowed for untrusted script or methods in untrusted script, as well as to limit the recursion depth or the memory to be allocated. All those limits are managed by the interpreter for script code and hence can be limited for untrusted code by the interpreter.

This also does not really make DoS impossible (what about C extensions? - maybe restricting "import"?).

As I said before in this thread, making a sandbox really secure is a hard job, and may need some serious changes in the Python interpreter, but AFAIK from Tcl, it is possible - and would be nice to have.

Regards
Stephan
--
http://mail.python.org/mailman/listinfo/python-list
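
The step and recursion limits described in the message above can be approximated without patching the interpreter, using `sys.settrace` and per-frame opcode events (Python 3.7+). This is an added example, not code from the post; `run_limited`, `BudgetExceeded` and `SAFE_BUILTINS` are hypothetical names. The limit is cooperative only: traced code that catches the exception keeps running untraced, which is why a real sandbox needs the interpreter changes the message talks about.

```python
import sys

class BudgetExceeded(Exception):
    """Raised when traced code uses up its step or call-depth budget."""

# Constructed allow-list for the example: it has no __import__,
# so any "import" statement in the script fails with ImportError.
SAFE_BUILTINS = {"range": range, "len": len, "sum": sum}

def run_limited(source, max_steps=10_000, max_depth=50):
    """Exec `source` under step and call-depth budgets; return its globals."""
    steps = depth = 0

    def tracer(frame, event, arg):
        nonlocal steps, depth
        if event == "call":
            depth += 1
            if depth > max_depth:
                raise BudgetExceeded(f"call depth > {max_depth}")
            frame.f_trace_opcodes = True   # request per-opcode events too
        elif event in ("line", "opcode"):
            steps += 1                     # each trace event counts as one step
            if steps > max_steps:
                raise BudgetExceeded(f"steps > {max_steps}")
        elif event == "return":
            depth -= 1
        return tracer                      # keep tracing this frame

    env = {"__builtins__": dict(SAFE_BUILTINS)}
    code = compile(source, "<untrusted>", "exec")
    previous = sys.gettrace()
    sys.settrace(tracer)                   # applies to frames created from now on
    try:
        exec(code, env)
    finally:
        sys.settrace(previous)             # always restore the caller's tracer
    return env
```

C extension code produces no trace events, so time spent inside a single builtin call is not counted against the budget.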