On Sat, Jul 16, 2011 at 8:00 AM, Dave Stark <david.st...@intusurg.com> wrote: > Hello, > > I have a multithreaded application that uses embedded python extensively. > The main thread creates python objects that interface test equipment, and > users execute their own python scripts that run in a separate thread.
I did something extremely similar (but without the threading), and was majorly burnt. Poke around on the archives and you'll find the extent to which I (and my boss) got egg on our faces; I had thought that it would be possible to sandbox Python enough for a user to be able to submit code. It's not. If you're fortunate, someone from this list will create a file in /tmp, read it back, and then email you showing how easy it was to do. If you're not, it'll be utter and complete p0wnage. PyErr_SetInterrupt() raises KeyboardInterrupt. It works fine, as long as the script catches that. I had the same issues with my system; I wanted to administratively guarantee that the script WOULD NOT take more than X ms of CPU time. Since a Python script can catch KeyboardInterrupt, it could ignore the watchdog timer. In the end, I created a second watchdog that, if triggered, would longjmp straight out past all the Python code and back to a basic cleanup-and-terminate routine. There's no way, currently, to make an uncatchable exception. I already asked. The general response is (and I should have listened, instead of muffling on and hoping that we could sandbox Python "enough to get by") that Python is not the right language for that sort of job. I was advised to try Javascript/ECMAScript, and Google's V8 engine is fairly good; not perfect, but decent. Alternatively, Lua works well, but it's a lot more effort to embed (especially if you want heavy interfacing between the script code and your application code - everything's done with a stack). Chris Angelico -- http://mail.python.org/mailman/listinfo/python-list
