On 2013-06-30 22:43:52 -0300, Claudio Freire wrote: > Not only that, the CPython interpreter is rather fuzzy about the > division between interpreters. You can initialize multiple > interpreters, but they share a lot of state, so you can never fully > separate them. You'd have some state from the untrusted interpreter > spill over into the trusted one within the same session, which is not > ideal at all (and in fact can be exploited). > > In essence, you'd have to use another implementation. CPython guys > have left it very clear they don't intend to "fix" that, as they don't > consider it a bug. It's just how it is.
Doesn't zope's RestrictedPython have a history of working reasonably well? Now, you sure pay a price for that, but ... Greetings, Andres Freund -- Andres Freund http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers