Safe eval recipe posted to cookbook: http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/364469
This recipe only evaluates constant expressions:
"Description:
Evaluate constant expressions, including list, dict and tuple using the abstract syntax tree created by compiler.parse"
It means you can't eval arbitrary Python code -- it's basically just a data parser. Handy in some situations, but not the equivalent of a limited Python virtual machine.
Likewise, function calls are easily intercepted
I'm not sure I follow this... How do you intend to intercept all function calls?
As you say, attribute access to core functions appears to present the challenge. It is easy to intercept attribute access, harder to know what's safe. If there were a known set of 'dangerous' objects e.g., sys, file, os etc... then these could be checked by identity against any attribute returned
It sounds like you're suggesting overriding the global attribute access mechanism. Is that right? So that every time Python encountered an attribute access, you would verify that the attribute being accessed is not on the 'dangerous' list? I don't know how to do that without basically rewriting some of Python's C code, though certainly I'm no expert in the area...
Also, I'm not sure identity is sufficient:
py> import sys
py> import new
py> new.module('newsys')
py> newsys = new.module('newsys')
py> newsys.__dict__.update(sys.__dict__)
py> newsys is sys
False
py> newsys == sys
FalseSteve -- http://mail.python.org/mailman/listinfo/python-list
