On Mon, 27 Feb 2023 at 04:56, python--- via Python-ideas <python-ideas@python.org> wrote: > > Could you elaborate on how Python code can easily bypass that sort of > restriction? > > >From my understanding, you can only do so with importlib by reading the raw > >source and evaluating it. In that case, I can just restrict importlib? Same > >with the open function which is from the io module which can also be > >restricted (and removed from builtins in that case). > > Here's a diff of my implementation and upstream's 3.11.0 tag. It's 17 commits > with most being README changes. I hope this makes it more clear. > https://github.com/python/cpython/compare/3.11...R9295:cpython:policy >
Do you block access to the __import__ function? To sys.modules and the cache of already-imported modules? What about eval() and various ways of executing arbitrary code? How about object.__subclasses__()? ChrisA _______________________________________________ Python-ideas mailing list -- python-ideas@python.org To unsubscribe send an email to python-ideas-le...@python.org https://mail.python.org/mailman3/lists/python-ideas.python.org/ Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/MNKRDQOX5AC6GCKFQ6YAWFMHIH3CLOMV/ Code of Conduct: http://python.org/psf/codeofconduct/
