On Saturday, 6 October 2012 12:49:29 UTC+5:30, Chris Angelico  wrote:
> On Sat, Oct 6, 2012 at 8:22 AM, Robin Krahl <m...@robin-krahl.de> wrote:
> > Hi all,
> >
> > I need to execute untrusted scripts in my Python application. To avoid
> > security issues, I want to use a sandboxed environment. This means that the
> > script authors have no access to the file system. They may only access
> > objects, modules and classes that are "flagged" or "approved" for scripting.
> >
> > I read that I will not be able to do this with Python scripts. (See
> > SandboxedPython page in the Python wiki [0] and several SE.com questions,
> > e. g. [1].) So my question is: What is the best way to "embed" a script
> > engine in a sandboxed environment that has access to the Python modules and
> > classes that I provide?
>
> With extreme difficulty. A while back (couple years maybe? I don't
> remember), I ignored everyone's warnings and tried to make a sandboxed
> Python, embedded in a C++ application. It failed in sandboxing. With
> just some trivial tinkering using Python's introspection facilities, a
> couple of python-list people managed to read and write files, and
> other equally dangerous actions. Shortly thereafter, we solved the
> problem completely... by switching to JavaScript.
>
> Embedding CPython in an application simply doesn't afford sandboxing.
> To what extent do you actually need to run untrusted Python? Can you,
> for instance, sandbox the entire process (which wasn't an option for
> what we were doing)? Perhaps chrooting the Python interpreter will do
> what you need. But there may still be leaks, I don't know.
>
> ChrisA

Something like ast.literal_eval may be useful.
-- 
http://mail.python.org/mailman/listinfo/python-list
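
An added example, not part of the original thread: what ast.literal_eval accepts and refuses, next to eval() with builtins stripped, where attribute introspection on a literal still works. The function names, the size cap and the sample inputs are constructed for illustration; literal_eval only returns data, so it fits only when the untrusted "script" can be reduced to literals.

```python
import ast

MAX_CHARS = 10_000  # assumed cap: literal_eval can still exhaust memory or the stack on huge input


class RejectedInput(ValueError):
    """Untrusted text that is not a plain Python literal."""


def load_untrusted_literal(text):
    """Parse untrusted text as data only: str, bytes, numbers, tuple, list, dict, set, bool, None."""
    if len(text) > MAX_CHARS:
        raise RejectedInput("input too large")
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise RejectedInput(f"not a literal: {type(exc).__name__}") from exc


def is_rejected(text):
    """True when load_untrusted_literal refuses the input."""
    try:
        load_untrusted_literal(text)
    except RejectedInput:
        return True
    return False


def stripped_builtins_eval(text):
    """The approach that does not work as a sandbox: eval() with builtins removed.
    Attribute access on any literal still reaches Python's introspection machinery."""
    return eval(text, {"__builtins__": {}}, {})


# Constructed sample inputs.
SAMPLES = {
    "settings": "{'name': 'demo', 'retries': 3, 'hosts': ['a', 'b'], 'debug': False}",
    "attribute access": "().__class__.__name__",
    "function call": "open('notes.txt')",
    "name lookup": "some_module",
    "comprehension": "[n for n in (1, 2, 3)]",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        verdict = "rejected" if is_rejected(text) else f"accepted -> {load_untrusted_literal(text)!r}"
        print(f"{label:18} {verdict}")
    print("eval with stripped builtins:", stripped_builtins_eval(SAMPLES["attribute access"]))
```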
