On Thu, Apr 7, 2016, at 00:48, Steven D'Aprano wrote:
> Sure, but I'm just demonstrating that the unrestricted builtins are just
> one attribute lookup away. And as Chris points out, if you have (say) the os
> module, then:
>
> magic = os.sys.modules[
>     ''.join(chr(i-1) for i in
>             (96,96,99,118,106,109,117,106,111,116,96,96))
> ][''.join(chr(i+17) for i in (84,101,80,91))]
I think you probably would not want to allow it access to any "real" modules, but only proxy objects that allow either a specific set of names (there are almost certainly functions in os that you don't want, beyond the imported sys) or something general like "any public [non-underscore] function/class/variable" (if the module itself has been examined and exporting this full subset passes security standards); in the latter case any imported modules would likewise be replaced with the sandbox's fake module, so os.sys gives you the same thing that import sys does (though, os in particular would be insane to give blanket access to, but my test code works for fractions.sys).

-- 
https://mail.python.org/mailman/listinfo/python-list
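The proxy-module scheme described in the post above, written out as an added example (this is not the poster's test code, nor anything from the thread). It assumes a hypothetical per-module policy, here a dict named `POLICY` that maps a module name either to an explicit set of exported names or to `None` meaning "every public, non-underscore name". A `SandboxModule` proxy filters attribute access by that policy and, whenever an attribute is itself a module, hands back the sandbox proxy for it instead of the real module, so `fractions.sys` resolves to the same restricted `sys` proxy that a sandboxed `import sys` would return, and `fractions.sys.modules` is unreachable. Modules absent from the policy (for example `os`) cannot be imported or reached through another module's attributes.

```python
"""Proxy-module sandbox: an added example, not code from the thread."""
import importlib
import types

# Hypothetical policy for this example: module name -> frozenset of exported
# names, or None for "every public (non-underscore) name". Anything not listed
# is unreachable, whether imported directly or found as another module's attribute.
POLICY = {
    "fractions": None,
    "sys": frozenset({"maxsize", "version_info"}),
}

_PROXIES = {}  # module name -> its single SandboxModule instance


class SandboxModule:
    """Read-only proxy that exposes only the names the policy allows."""

    __slots__ = ("_module", "_allowed")

    def __init__(self, module, allowed):
        object.__setattr__(self, "_module", module)
        object.__setattr__(self, "_allowed", allowed)

    def _exported(self, name):
        if name.startswith("_"):          # never export private or dunder names
            return False
        return self._allowed is None or name in self._allowed

    def __getattr__(self, name):
        # Called only when normal lookup fails, i.e. for every name except the slots.
        if not self._exported(name):
            raise AttributeError(
                f"{self._module.__name__}.{name} is not exported to the sandbox")
        value = getattr(self._module, name)
        if isinstance(value, types.ModuleType):
            # Never hand out a real module: route through the policy again, so
            # fractions.sys is the same restricted proxy as `import sys`.
            return proxy_for(value)
        return value

    def __setattr__(self, name, value):
        raise AttributeError("sandboxed modules are read-only")

    def __delattr__(self, name):
        raise AttributeError("sandboxed modules are read-only")

    def __dir__(self):
        return sorted(n for n in dir(self._module) if self._exported(n))

    def __repr__(self):
        return f"<sandboxed module {self._module.__name__!r}>"


def proxy_for(module):
    """Return the one proxy for a real module, or refuse if the policy omits it."""
    name = module.__name__
    if name not in POLICY:
        raise ImportError(f"module {name!r} is not available in the sandbox")
    if name not in _PROXIES:
        _PROXIES[name] = SandboxModule(module, POLICY[name])
    return _PROXIES[name]


def sandbox_import(name):
    """What the sandbox's `import` statement would call instead of __import__."""
    if name not in POLICY:
        raise ImportError(f"module {name!r} is not available in the sandbox")
    return proxy_for(importlib.import_module(name))


def reach(dotted):
    """Walk a dotted path from a sandboxed import; True if every step is allowed."""
    head, *rest = dotted.split(".")
    try:
        obj = sandbox_import(head)
        for part in rest:
            obj = getattr(obj, part)
    except (ImportError, AttributeError):
        return False
    return True


if __name__ == "__main__":
    frac = sandbox_import("fractions")
    print(frac.Fraction(1, 3) + frac.Fraction(1, 6))       # 1/2
    print(frac.sys is sandbox_import("sys"))               # True
    for path in ("fractions.sys.maxsize", "fractions.sys.modules", "os.system"):
        print(path, "->", reach(path))
```

Note what this does and does not stop. It filters attribute lookups by name on the proxy, so the `os.sys.modules[...]` chain from the quoted message is cut at `.modules`. It does not filter the objects it returns: `frac.Fraction.__new__.__globals__["sys"]` is a plain Python function's `__globals__` dict and still yields the real `sys` module, which is exactly the "one attribute lookup away" point made earlier in the thread. A proxy layer like this has to be paired with restrictions on attribute access for every object that leaves the sandbox boundary, not just for modules.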