On 30 June 2013 14:45, Andres Freund <and...@2ndquadrant.com> wrote:
> On 2013-06-30 14:42:24 +0200, Szymon Guz wrote: > > On 30 June 2013 14:31, Martijn van Oosterhout <klep...@svana.org> wrote: > > > > > On Sun, Jun 30, 2013 at 02:18:07PM +0200, Szymon Guz wrote: > > > > > python does not any any sort of reliable sandbox, so there is no > > > plpython, > > > > > only plpythonu - hence only one interpreter per backend is needed. > > > > > > > > > Is there any track of the discussion that there is no way to make the > > > > sandbox? I managed to create some kind of sandbox, a simple > modification > > > > which totally disables importing modules, so I'm just wondering why > it > > > > cannot be done. > > > > > > http://wiki.python.org/moin/SandboxedPython > > > > > > This is the thread I was thinking of: > > > http://mail.python.org/pipermail/python-dev/2009-February/086401.html > > > > > > If you read through it I think you will understand the difficulties. > > > > > thanks for links. I was thinking about something else. In fact we don't > > need full sandbox, I think it would be enough to have safe python, if it > > couldn't import any outside module. Wouldn't be enough? > > > > It seems like the sandbox modules want to limit many external operations, > > I'm thinking about not being able to import any module, even standard > ones, > > wouldn't be enough? > > python > >> open('/etc/passwd', 'r').readlines() > > thanks :)
