On Apr 13, 8:20 pm, Bryan Oakley <[EMAIL PROTECTED]> wrote:
> Ivan Illarionov wrote:
> > You don't need to invoke another interpreter.
> > Python can interpret arbitrary Python code with the exec statement.
> > Wrap the user's string inside a function definition, and exec it.
>
> > You might want to disable words like `import`, `exec` and `eval` in
> > the user's code because they are a big security risk.
>
> The above statement is exactly why one would want to eval the code
> inside a separate interpreter. Not just for security, but to prevent
> user code from stomping all over the application code by creating or
> destroying global resources.
>
> Is it possible to create a nested interpreter like you can do in some
> other languages?

Yes. Call PyRun_SimpleString from ctypes, or call PyRun_SimpleString
from a custom Python extension. But it does nothing that exec can't do.
We have:

exec `something` in `where_we_exec`
if `where_we_exec` is an empty dictionary the exec'd code has no
access to app code or global resources.
Even more, it's harder to control a nested interpreter than strings
about to be exec'd. And you still have to worry about security. So
not only do you gain nothing by this approach, you make your software
more vulnerable. Code like `import os\n os.*killme*` or
eval("__import__('os').*killme*") will be harder to disable.

--
Ivan
-- 
http://mail.python.org/mailman/listinfo/python-list
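The following is an added example, not code from the thread, showing what the "exec in an empty dictionary" recipe above actually isolates. It is written in Python 3 spelling (`exec(code, ns)` instead of `exec code in ns`); the names `run_isolated`, `APP_SECRET`, `app_globals_visible`, `builtins_injected` and `import_reachable` are mine, and the user code strings are constructed for the demonstration. It confirms the claim that the exec'd code cannot see the application's globals, and also shows the caveat a practitioner wants: CPython inserts `__builtins__` into a globals dict that lacks it, so the `__import__('os')` idiom the post worries about works unchanged in the "empty" namespace. Supplying an empty `__builtins__` yourself blocks that particular idiom, but CPython offers no real sandbox, so treat that only as namespace hygiene, not as a security boundary.

```python
"""Added example (not from the python-list thread): what exec() with an
empty globals dict does and does not isolate.  Python 3 syntax; the
post's `exec code in ns` is spelled exec(code, ns) here."""

APP_SECRET = "application-global"  # stands in for "app code or global resources"


def run_isolated(user_code: str, strip_builtins: bool = False) -> dict:
    """Execute user_code in a fresh namespace and return that namespace.

    With strip_builtins=False this is the thread's recipe: an empty dict.
    CPython then inserts the real builtins under the key '__builtins__'
    before running the code, so __import__ (and every other builtin) is
    reachable from the user code.
    """
    ns = {}
    if strip_builtins:
        # Supplying __builtins__ explicitly stops the automatic insertion.
        # Hypothetical hardening for the demo, not a real sandbox.
        ns["__builtins__"] = {}
    exec(user_code, ns)
    return ns


def app_globals_visible() -> bool:
    """The post's claim: code exec'd in an empty dict cannot see APP_SECRET."""
    # Constructed user code: try to read the application's module global.
    code = (
        "try:\n"
        "    seen = APP_SECRET\n"
        "except NameError:\n"
        "    seen = None\n"
    )
    ns = run_isolated(code)
    return ns["seen"] is not None


def builtins_injected() -> bool:
    """Caveat: the 'empty' dict is not empty after exec; builtins were added."""
    ns = run_isolated("x = 1")
    return "__builtins__" in ns


def import_reachable(strip_builtins: bool) -> bool:
    """Can user code reach the os module via the idioms named in the post?

    Both `import os` and `__import__('os')` go through __builtins__:
    the import statement needs builtins.__import__ (ImportError if absent),
    the call needs the name __import__ (NameError if absent).
    """
    for code in ("import os\nmod = os\n", "mod = __import__('os')\n"):
        try:
            ns = run_isolated(code, strip_builtins=strip_builtins)
        except (NameError, ImportError):
            continue  # this idiom was blocked
        if ns["mod"].__name__ == "os":
            return True
    return False


if __name__ == "__main__":
    print("app globals visible to user code:", app_globals_visible())
    print("__builtins__ injected into empty dict:", builtins_injected())
    print("os reachable, empty dict:", import_reachable(strip_builtins=False))
    print("os reachable, __builtins__ = {}:", import_reachable(strip_builtins=True))
```

Running it shows the two halves of the story: the application global is indeed invisible, but `import os` and `__import__('os')` both succeed in the empty dict, because the builtins were injected; only the explicit empty `__builtins__` blocks those two idioms.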