42 wrote:
> Fair enough. I'm more or less ready to 'give up' on this fantasy of
> python in a sandbox. I'll either use something else, or just accept the
> risk. :)
But is the scripting language interpreter the right place to put this? After all, most languages would allow you to write something like an infinite loop, which might hog resources unless there is "something" outside the script that manages resources in such a way that this is not a problem.

I've said this before: It seems to me that this sandboxing should be done by the operating system. If the script runs in something like a chrooted environment, or with very restricted user permissions, it's difficult to do a lot of damage. E.g. if it runs as a user with no rights to execute, read or write files except those explicitly needed to get the scripts running, you're no worse off than if you allow the same user to log on to the machine with such limited ability.

Right? Or have I missed something significant here?
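An added example, not part of the original post: a POSIX-only sketch of the "something outside the script" idea, where the kernel enforces CPU and address-space limits on a child interpreter so an infinite loop is killed from outside. The function name `run_confined`, the limit values, the sample scripts and the optional `run_as` account are assumptions made for illustration.

```python
import resource
import signal
import subprocess
import sys


def _lower(res, value):
    """Lower soft and hard limit together; an unprivileged child cannot raise them."""
    hard = resource.getrlimit(res)[1]
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))


def run_confined(source, cpu_seconds=1, mem_bytes=1 << 30, run_as=None):
    """Run Python source in a child process under kernel-enforced limits."""
    def limits():  # executed in the child, between fork() and exec()
        _lower(resource.RLIMIT_CPU, cpu_seconds)   # CPU time, in seconds
        _lower(resource.RLIMIT_AS, mem_bytes)      # address space, in bytes
        _lower(resource.RLIMIT_CORE, 0)            # no core dumps

    # run_as is a hypothetical unprivileged account; dropping to it needs a
    # root parent and Python 3.9+, so it is off by default.
    extra = {"user": run_as} if run_as else {}
    proc = subprocess.run(
        [sys.executable, "-I", "-c", source],
        preexec_fn=limits, capture_output=True, text=True,
        timeout=30,  # wall-clock cap: a sleeping script burns no CPU time
        **extra)
    killed_by = None
    if proc.returncode < 0:  # negative return code means "died from signal N"
        killed_by = signal.Signals(-proc.returncode).name
    return {"returncode": proc.returncode, "killed_by": killed_by,
            "stdout": proc.stdout}


# Constructed sample scripts.
WELL_BEHAVED = "print(sum(range(10)))"
INFINITE_LOOP = "while True: pass"

if __name__ == "__main__":
    print(run_confined(WELL_BEHAVED))
    print(run_confined(INFINITE_LOOP))
```

Resource limits only cover the resource-hogging half of the argument; file access is still governed by the permissions of the account the child runs as, which is what `run_as` or a chroot would restrict.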