Fuzzyman wrote: > Cameron Laird wrote: > [snip..] > >>This is a serious issue. >> >>It's also one that brings Tcl, mentioned several >>times in this thread, back into focus. Tcl presents >>the notion of "safe interpreter", that is, a sub- >>ordinate virtual machine which can interpret only >>specific commands. It's a thrillingly powerful and >>correct solution to the main problem Jeff and others >>have described. > > A better (and of course *vastly* more powerful but unfortunately only > a dream ;-) is a similarly limited python virutal machine.....
Yeah, I think there are a lot of people out there who would like something like this, but it's not quite clear how to go about it. If you search Google Groups, there are a lot of examples of how you can use Python's object introspection to retrieve "unsafe" functions.
I wish there was a way to, say, exec something with no builtins and with import disabled, so you would have to specify all the available bindings, e.g.:
exec user_code in dict(ClassA=ClassA, ClassB=ClassB)
but I suspect that even this wouldn't really solve the problem, because you can do things like:
py> class ClassA(object): ... pass ... py> object, = ClassA.__bases__ py> object <type 'object'> py> int = object.__subclasses__()[2] py> int <type 'int'>
so you can retrieve a lot of the builtins. I don't know how to retrieve __import__ this way, but as soon as you figure that out, you can then do pretty much anything you want to.
Steve -- http://mail.python.org/mailman/listinfo/python-list