On 12/19/06, robomancer <[EMAIL PROTECTED]> wrote:
> On the other hand, allowing people to run arbitrary code on your
> machine is a Bad Idea even if you *can* ensure that the filesystem
> isn't touched.  What if they send any of the following?
>
> while True:
>   pass
>
> def fib(n):
>   return fib(n-1) + fib(n-2)
> fib(1000000)

If you were using Stackless Python, this sort of thing could
easily be detected, interrupted and discarded.  You could
then flag the user who wrote the overly intensive logic
and refuse to run any more (or whatever).

> def steal_data():
>   send_to_client("127.0.0.1", pickle.dumps(confidential.data.structure))

I wonder if this recipe were taken to the safe extreme, how
much of a subset of Python could be safely allowed:

http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/286134

Richard.
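
An added example, not part of either poster's message: without Stackless, a comparable detect-interrupt-discard step can be approximated on a POSIX host by running each submission in a child interpreter under a CPU rlimit. The `run_untrusted` helper and the budget values are assumptions, and it addresses only the two resource-exhaustion snippets quoted above, not the data-access one.

```python
import resource
import signal
import subprocess
import sys

CPU_SECONDS = 1    # assumed per-submission CPU budget
WALL_SECONDS = 5   # assumed backstop for code that sleeps instead of spinning

# Constructed inputs: the two resource-exhaustion snippets quoted in the post.
SPIN = "while True:\n  pass\n"
FIB = "def fib(n):\n  return fib(n-1) + fib(n-2)\nfib(1000000)\n"


def _limit_cpu():
    # Runs in the child between fork and exec. Never ask for more than the
    # existing hard cap, and set soft == hard so the submitted code cannot
    # ignore SIGXCPU and keep running.
    _, hard = resource.getrlimit(resource.RLIMIT_CPU)
    cap = CPU_SECONDS if hard == resource.RLIM_INFINITY else min(CPU_SECONDS, hard)
    resource.setrlimit(resource.RLIMIT_CPU, (cap, cap))


def run_untrusted(source):
    """Run source in a separate interpreter; return (verdict, returncode)."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", source],  # -I: isolated mode
            preexec_fn=_limit_cpu,
            stdin=subprocess.DEVNULL,
            capture_output=True,
            timeout=WALL_SECONDS,
        )
    except subprocess.TimeoutExpired:
        return ("wall-timeout", None)
    if proc.returncode in (-signal.SIGXCPU, -signal.SIGKILL):
        return ("cpu-limit", proc.returncode)   # kernel stopped the child
    if proc.returncode != 0:
        return ("error", proc.returncode)       # e.g. RecursionError
    return ("ok", 0)


if __name__ == "__main__":
    for name, src in (("spin", SPIN), ("fib", FIB), ("benign", "print(2 + 2)")):
        print(name, run_untrusted(src))
```

The unbounded `fib` never reaches the CPU budget: CPython's own recursion limit raises RecursionError first, so only the busy loop needs the kernel to step in.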
