On Sun, 19 Jan 2020 at 17:45, <mus...@posteo.org> wrote:
>
> Is it actually possible to build a "sandbox" around eval, permitting it
> only to do some arithmetic and use some math functions, but no
> filesystem access or module imports?

No. This has been tried before, and it simply isn't safe in the face of
malicious input.

> I have an application that loads calculation recipes (a few lines of
> variable assignments and arithmetic) from a database.
>
> exec(string, globals, locals)
>
> with locals containing the input variables, and globals has a
> __builtin__ object with a few math functions. It works, but is it safe?

If you trust the source, it's OK, but a creative attacker who had the
ability to create a recipe could execute arbitrary code. If you require
safety, you really need to write your own parser/evaluator.

Paul