On Mon, Apr 11, 2016 at 04:04:21PM +0100, Paul Moore wrote:
> However, it's not at all clear (to me at least) what you *are* trying
> to do.

I'm trying to see to what extent we can use ast node inspection to
remedy the failures of prior attempts at Python sandboxing. Is there
*any* extent to which Python can be sandboxed, or is even trying to
use it as a calculator function unfixably insecure?

> You're limiting the subset of Python that people can use,
> understood. And you're trying to ensure that people can't do "bad
> things". Again, understood. But what subset are you actually allowing,
> and what things are you trying to protect against? (For example, I
> can't calculate sin(1.2) using the math module - why is that not
> allowed?

It wasn't allowed in the earlier version because I wasn't allowing
import at all, because this is just an experiment. As it happens, I
added 'import' yesterday so yes you can use math.sin.

> It feels at the moment as if I'm playing a game where I don't know the
> rules, and every time I think I scored a point, the rules are changed
> to retroactively disallow it.

The challenge is to show some code that will escape from the sandbox,
in a way that is not trivially fixable with a tiny patch, or in a way
that demonstrates that such a large number of tiny patches would be
required as to be unworkable.
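
An added example, not code from this thread or from the sandbox under discussion: one way to apply AST node inspection to the calculator case is to interpret an allowlist of node types directly, with default deny, instead of filtering a tree and then executing it. The allowlist contents, the length limit and the names `calc` and `Rejected` are assumptions of this example.

```python
import ast
import math
import operator

# Assumed allowlist for this example; the post does not list its permitted subset.
BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
           ast.Div: operator.truediv, ast.Mod: operator.mod}
UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
MATH_FUNCS = {"sin": math.sin, "cos": math.cos, "sqrt": math.sqrt}
MAX_SOURCE_LEN = 200  # bound parser work before ast.parse sees the input


class Rejected(ValueError):
    """Raised for any node or name outside the allowlist."""


def calc(source):
    """Evaluate an arithmetic expression by interpreting allowlisted AST nodes."""
    if len(source) > MAX_SOURCE_LEN:
        raise Rejected("expression too long")
    try:
        tree = ast.parse(source, mode="eval")
    except (SyntaxError, ValueError, RecursionError, MemoryError) as exc:
        raise Rejected("unparseable input") from exc
    return _eval(tree.body)


def _eval(node):
    # Numeric literals only: bool is excluded explicitly because it subclasses int.
    if isinstance(node, ast.Constant):
        if type(node.value) in (int, float):
            return node.value
        raise Rejected("non-numeric constant")
    if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
        return BIN_OPS[type(node.op)](_eval(node.left), _eval(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
        return UNARY_OPS[type(node.op)](_eval(node.operand))
    # Only the exact shape math.<name>(args...) is a call; no keywords, no
    # starred arguments, and the attribute is looked up in a dict, never getattr.
    if (isinstance(node, ast.Call) and not node.keywords
            and isinstance(node.func, ast.Attribute)
            and isinstance(node.func.value, ast.Name)
            and node.func.value.id == "math"
            and node.func.attr in MATH_FUNCS):
        return MATH_FUNCS[node.func.attr](*[_eval(a) for a in node.args])
    # Default deny: every other node type (Name, Attribute, Subscript,
    # Lambda, comprehensions, Pow, ...) is refused without being executed.
    raise Rejected("disallowed syntax: " + type(node).__name__)
```

Arithmetic errors such as `ZeroDivisionError` still propagate to the caller, and exponentiation is left out of the allowlist so a short input cannot request an enormous computation.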