From talking to the Python guys: sandboxing Python is easy if you use
the C API to overwrite builtins.
(Sandboxing issues arise from trying to sandbox Python from within Python.)

You'd need to replace Python's import function with one that only
looks for files inside a zip, for instance.

Or, for starters, you could disable import altogether and only allow C
modules and standalone scripts.

------------------ blenders sandbox code

// Python Sandbox code
// override builtin functions import() and open()

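/*
 * Sandbox stub installed in place of the builtin open() (see setSandbox).
 *
 * Both arguments are ignored. The call always fails: a RuntimeError is set
 * and NULL is returned so the interpreter raises it in the calling script.
 *
 * The message literal was split across two source lines by mail wrapping,
 * which does not compile; it is rejoined here using adjacent literals.
 */
PyObject *KXpy_open(PyObject *self, PyObject *args) {
        PyErr_SetString(PyExc_RuntimeError,
                "Sandbox: open() function disabled!\n"
                "Game Scripts should not use this function.");
        return NULL;
}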

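/*
 * Sandbox stub installed in place of the builtin reload() (see setSandbox).
 *
 * Both arguments are ignored. The call always fails: a RuntimeError is set
 * and NULL is returned so the interpreter raises it in the calling script.
 *
 * The message literal was split across two source lines by mail wrapping,
 * which does not compile; it is rejoined here using adjacent literals.
 */
PyObject *KXpy_reload(PyObject *self, PyObject *args) {
        PyErr_SetString(PyExc_RuntimeError,
                "Sandbox: reload() function disabled!\n"
                "Game Scripts should not use this function.");
        return NULL;
}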

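/*
 * Sandbox stub installed in place of the builtin file() (see setSandbox).
 *
 * Both arguments are ignored. The call always fails: a RuntimeError is set
 * and NULL is returned so the interpreter raises it in the calling script.
 *
 * The message literal was split across two source lines by mail wrapping,
 * which does not compile; it is rejoined here using adjacent literals.
 */
PyObject *KXpy_file(PyObject *self, PyObject *args) {
        PyErr_SetString(PyExc_RuntimeError,
                "Sandbox: file() function disabled!\n"
                "Game Scripts should not use this function.");
        return NULL;
}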

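/*
 * Sandbox stub installed in place of the builtin execfile() (see setSandbox).
 *
 * Both arguments are ignored. The call always fails: a RuntimeError is set
 * and NULL is returned so the interpreter raises it in the calling script.
 *
 * The message literal was split across two source lines by mail wrapping,
 * which does not compile; it is rejoined here using adjacent literals.
 */
PyObject *KXpy_execfile(PyObject *self, PyObject *args) {
        PyErr_SetString(PyExc_RuntimeError,
                "Sandbox: execfile() function disabled!\n"
                "Game Scripts should not use this function.");
        return NULL;
}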

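/*
 * Sandbox stub installed in place of the builtin compile() (see setSandbox).
 *
 * Both arguments are ignored. The call always fails: a RuntimeError is set
 * and NULL is returned so the interpreter raises it in the calling script.
 *
 * The message literal was split across two source lines by mail wrapping,
 * which does not compile; it is rejoined here using adjacent literals.
 */
PyObject *KXpy_compile(PyObject *self, PyObject *args) {
        PyErr_SetString(PyExc_RuntimeError,
                "Sandbox: compile() function disabled!\n"
                "Game Scripts should not use this function.");
        return NULL;
}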

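/*
 * Filtering replacement for __import__ (installed by setSandbox).
 *
 * args: (name[, globals[, locals[, fromlist]]]), parsed with "s|OOO".
 *
 * The import is forwarded to PyImport_ImportModuleEx() only when `name` is
 *   - listed in sys.builtin_module_names, or
 *   - one of the hard-coded game engine modules below.
 * Anything else raises ImportError and returns NULL.
 *
 * Changes from the original:
 *   - PySequence_Contains() returns -1 on error. The original tested it for
 *     truth, so an error in the membership test took the "allowed" branch.
 *     Only a result of 1 now allows the import; -1 propagates the error.
 *   - The new references from PyObject_GetAttrString() and
 *     PyString_FromString() were never released; they are now.
 *   - NULL results from the lookups are checked before use.
 *
 * NOTE(review): the allowlist is read from sys.builtin_module_names on every
 * call. That attribute lives on a module object that script code may also be
 * able to obtain, so it is not obviously trustworthy input; a fixed list
 * compiled into the host, or a snapshot taken before any script runs, would
 * be a firmer basis. Confirm against the host's threat model.
 * NOTE(review): which modules are compiled in depends on the interpreter
 * build; on some builds that set may include modules exposing file or
 * process primitives. Audit the actual list for the shipped interpreter.
 */
PyObject *KXpy_import(PyObject *self, PyObject *args)
{
        /* quick hack for GamePython modules
                TODO: register builtin modules properly by ExtendInittab */
        static const char *const game_modules[] = {
                "GameLogic", "GameKeys", "PhysicsConstraints",
                "Rasterizer", "Mathutils",
        };
        char *name;
        PyObject *globals = NULL;
        PyObject *locals = NULL;
        PyObject *fromlist = NULL;
        PyObject *sys_mod, *builtin_names, *name_obj;
        int is_builtin;
        size_t i;

        if (!PyArg_ParseTuple(args, "s|OOO:m_import",
                &name, &globals, &locals, &fromlist))
                return NULL;

        /* check for builtin modules */
        sys_mod = PyImport_AddModule("sys");    /* borrowed reference */
        if (sys_mod == NULL)
                return NULL;

        builtin_names = PyObject_GetAttrString(sys_mod, "builtin_module_names");
        if (builtin_names == NULL)
                return NULL;

        name_obj = PyString_FromString(name);
        if (name_obj == NULL) {
                Py_DECREF(builtin_names);
                return NULL;
        }

        is_builtin = PySequence_Contains(builtin_names, name_obj);
        Py_DECREF(name_obj);
        Py_DECREF(builtin_names);

        /* -1 means the membership test itself failed: deny, exception is set */
        if (is_builtin < 0)
                return NULL;
        if (is_builtin == 1)
                return PyImport_ImportModuleEx(name, globals, locals, fromlist);

        for (i = 0; i < sizeof game_modules / sizeof game_modules[0]; i++) {
                if (strcmp(name, game_modules[i]) == 0)
                        return PyImport_ImportModuleEx(name, globals, locals, fromlist);
        }

        PyErr_Format(PyExc_ImportError,
                 "Import of external Module %.20s not allowed.", name);
        return NULL;
}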


/*
 * One single-entry method table per overridden builtin. Each is handed to
 * PyCFunction_New() in setSandbox(), which takes a pointer to one
 * PyMethodDef, so no terminating sentinel entry is present.
 */
static PyMethodDef meth_open[] = {
        { "open", KXpy_open, METH_VARARGS, "(disabled)" }
};
static PyMethodDef meth_reload[] = {
        { "reload", KXpy_reload, METH_VARARGS, "(disabled)" }
};
static PyMethodDef meth_file[] = {
        { "file", KXpy_file, METH_VARARGS, "(disabled)" }
};
static PyMethodDef meth_execfile[] = {
        { "execfile", KXpy_execfile, METH_VARARGS, "(disabled)" }
};
static PyMethodDef meth_compile[] = {
        { "compile", KXpy_compile, METH_VARARGS, "(disabled)" }
};

/* Filtering import hook; setSandbox() binds it under "__import__". */
static PyMethodDef meth_import[] = {
        { "import", KXpy_import, METH_VARARGS, "our own import" }
};

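/*
 * Bind `key` in the builtins dict to a new C function built from `def`.
 *
 * PyDict_SetItemString() does not steal the value reference, so the
 * function object is released here once the dict holds it. A failure to
 * create or install an override aborts via Py_FatalError() rather than
 * leaving that builtin unrestricted.
 */
static void KXpy_override_builtin(PyObject *builtins, const char *key,
                                  PyMethodDef *def)
{
        PyObject *func = PyCFunction_New(def, NULL);

        if (func == NULL || PyDict_SetItemString(builtins, key, func) < 0)
                Py_FatalError("Sandbox: could not override a builtin");
        Py_DECREF(func);
}

/*
 * Install the sandbox overrides into the __builtin__ module.
 *
 * open, reload, file, execfile and compile are rebound to stubs that raise
 * RuntimeError; __import__ is rebound to the filtering KXpy_import.
 *
 * `level` is currently unused: the same overrides are installed whatever
 * value is passed.
 *
 * Changes from the original: every step is checked (the original ignored
 * all return values, so a failed override left the real builtin in place
 * with no indication), and the PyCFunction references are released after
 * insertion instead of being leaked. Because the function returns void, a
 * failure is reported with Py_FatalError(); a host that wants to recover
 * should give this function a status return instead.
 *
 * NOTE(review): this only rebinds names in the __builtin__ dict. It does not
 * remove the underlying objects, so anything still reachable by another
 * route is not restricted by it. Treat it as one layer, not as the whole
 * security boundary, and pair it with OS-level confinement of the process.
 */
void setSandbox(TPythonSecurityLevel level)
{
        PyObject *m = PyImport_AddModule("__builtin__");   /* borrowed */
        PyObject *d;

        (void)level;

        if (m == NULL)
                Py_FatalError("Sandbox: __builtin__ module unavailable");
        d = PyModule_GetDict(m);                           /* borrowed */
        if (d == NULL)
                Py_FatalError("Sandbox: __builtin__ dict unavailable");

        // functions we cant trust
        KXpy_override_builtin(d, "open", meth_open);
        KXpy_override_builtin(d, "reload", meth_reload);
        KXpy_override_builtin(d, "file", meth_file);
        KXpy_override_builtin(d, "execfile", meth_execfile);
        KXpy_override_builtin(d, "compile", meth_compile);

        // our own import
        KXpy_override_builtin(d, "__import__", meth_import);
}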








On Sat, Sep 6, 2008 at 10:07 AM, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> hi,
>
> i would like to bring up this topic again since a python based open source
> alternative to flash which could be used to create browser games would
> be super awesome. :)
>
> if i understand this correctly then the main problem of something like that
> is security.
>
> i noticed on the blender mailing list that someone started to revive the
> blender game engine web plugin. they use python too and apparently they have
> found a way to sandbox python.
>
> http://lists.blender.org/pipermail/bf-committers/2008-August/021660.html
>
> what do you think about this?
> wouldn't a web plugin be a big opportunity for pygame?
> i am no expert on all of this though... maybe making a web version of
> pygame is totally unfeasible?
