Graham wrote:
> I've been messing around with trying to get a small sandbox-like
> environment where I could execute Python code in a "safe" way.
> Basically what the old restricted execution module attempted to do.
> I've written a small amount of code to get a custom interpreter running,
> but I'm not really sure if it's safe.
>
> The way I'm controlling functionality is with some games and exec, so
> if 'code' was the text code you wanted to execute, I run:
>
> exec code in {'__builtins__': None}
>
> Obviously this doesn't give you much to play with, but it does remove
> file access and importing as far as I can tell. Can anyone think of a
> hack around this? I assume if it was this easy it would be a module
> already, but I figured I would ask.

You need to remove reload, replace __import__, disable __subclasses__ (neither convenient nor portable because you need to do it in the source. Shouldn't it be restricted in restricted mode?). That removes the most glaring security holes, I think. If you need to touch any of the attributes of the objects in the sandbox, you might want to remove properties. I wouldn't recommend exposing any objects outside of the sandbox to the sandbox, either. Zope also has some cool viral proxy thing that I don't understand that you might want to look into.

-- 
http://mail.python.org/mailman/listinfo/python-list
