"Stephan Kuhagen" <[EMAIL PROTECTED]> wrote:
> The problem with Linux kernel limits is that they won't work really well
> on MacOSX and Windows... OTOH the idea is the right one, but the effect can
> be achieved inside of Python. Since Python does byte compile the code and
> the interpreter evaluates each byte code token in one evaluation step, the
> interpreter could be extended for such use cases to count and limit the
> number of evaluation steps allowed for untrusted script or methods in
> untrusted script as well as to limit the recursion depth or memory to be
> allocated. All those limits are managed by the interpreter for script code
> and hence can be limited for untrusted code by the interpreter. This also
> does not really make DoS impossible (what about C extensions? - maybe
> restricting "import"?). - As I said before in this thread, making a sandbox
> really secure is a hard job, and may need some serious changes in the
> Python interpreter, but AFAIK from Tcl, it is possible - and would be nice
> to have.

I seem to recall previous discussion on this group about a thing called the bastion module, and that it was deprecated. Not sure if it has any relevance.

- Hendrik
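The step and recursion-depth counting described in the quoted message can be approximated from inside Python with `sys.settrace` and per-opcode trace events. This is an added example, not code from the thread: `run_limited`, `LimitExceeded` and the sample functions are hypothetical names, and it assumes the metered code does not catch the exception, reset the trace hook, or spend its time inside C code, so it shows the accounting only and is not a sandbox.

```python
import sys


class LimitExceeded(Exception):
    """Raised by the tracer when a step or call-depth budget is used up."""


def run_limited(func, *args, max_steps=10_000, max_depth=50):
    """Run func(*args) under a bytecode-step and call-depth budget.

    Returns (result, steps_used); raises LimitExceeded when a budget runs out.
    """
    steps = 0
    depth = 0

    def tracer(frame, event, arg):
        nonlocal steps, depth
        if event == "call":
            depth += 1
            if depth > max_depth:
                raise LimitExceeded("call depth limit exceeded")
            frame.f_trace_opcodes = True  # request per-instruction events
        elif event == "opcode":
            steps += 1
            if steps > max_steps:
                raise LimitExceeded("step limit exceeded")
        elif event == "return":
            depth -= 1
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        result = func(*args)
    finally:
        sys.settrace(previous)  # restore whatever hook was active before
    return result, steps


# Constructed sample functions standing in for untrusted script code.
def small_sum(n):
    return sum(i * i for i in range(n))

def spin():
    while True:
        pass

def recurse(n=0):
    return recurse(n + 1)
```

Work done inside C functions (for example `sum(range(10**9))`) produces no opcode events, which is the C-extension gap the quoted message points out.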