En Thu, 27 Mar 2008 16:29:23 -0300, <[EMAIL PROTECTED]>
escribió:
> I'm making a game where you'll be able to make your own mods and I
> want to be able to write these mods in python. However, python has a
> lot of "dangerous" functions (like erase any file on the harddrive
> etc) so I want a "safe" python. I first found RExec but that is
> disabled in python 2.5 so I was thinking about building python from
> source with a few changes.
> The changes I was thinking about was to change the import function so
> that it should only be able to import the .pyd-files that I allow (and
> it should of course still be able to import any .py-file) and remove
> or change the builtin functions that are "dangerous".
> Is this enough to make a "safe" python that can't do anything
> "dangerous"?
No, and that's the reason for rexec/bastion removal. There are several
ways to circumvent it. By example, if the user can get access to a file
object, he can open any other file using type(f)("anyotherfile"). If he
can get an object defined in your code:
py> type(x).some_method.func_globals['__builtins__'].__import__
<built-in function __import__>
and then import anything.
I think that a highly reputed Python developer made some time ago a really
safe version and nobody could spot any holes, but I can't find the
reference.
> I'm going to embed this "safe" python into my game and I've discovered
> that when I embed the original python and the mod wants to import
> a .py-file that is not in the game directory it will search for
> the .py-file in the python directory that is installed on my computer.
> Can I somehow prevent the embedded python to look in the python
> directory?
Python looks along sys.path for importing things. Sorry but if you don't
know that you shouldn't try to build a safe Python version on your own -
at least you should have a lot of doubts that it is actually safe.
--
Gabriel Genellina
--
http://mail.python.org/mailman/listinfo/python-list
