Graham wrote:
> I've been messing around with trying to get a small sandbox-like
> environment where I could execute Python code in a "safe" way.
> Basically what the old restricted execution module attempted to do.
> I've written a small amount of code to get a custom interpreter running,
> but I'm not really sure if it's safe.
>
> The way I'm controlling functionality is with some games and exec, so
> if 'code' was the text code you wanted to execute I run:
>
>     exec code in {'__builtins__': None}
>
> Obviously this doesn't give you much to play with, but it does remove
> file access and importing as far as I can tell. Can anyone think of a
> hack around this? I assume if it was this easy it would be a module
> already, but I figured I would ask.
You need to remove reload, replace __import__, and disable __subclasses__ (neither convenient nor portable, because you need to do it in the source. Shouldn't it be restricted in restricted mode?). That removes the most glaring security holes, I think. If you need to touch any of the attributes of the objects in the sandbox, you might want to remove properties. I wouldn't recommend exposing any objects outside of the sandbox to the sandbox, either. Zope also has some cool viral proxy thing that I don't understand that you might want to look into.
--
http://mail.python.org/mailman/listinfo/python-list
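The __subclasses__ hole the reply mentions, shown as an added example that is not code from either post. It uses Python 3 syntax (`exec(code, ns)` instead of `exec code in ns`) and an empty dict in place of the `None` from the original post; in both cases no builtin name resolves inside the sandboxed code. The sandboxed string never touches a builtin: it walks from `()` to `object`, lists object's direct subclasses, and pulls the real `__import__` out of the `__globals__` of the first subclass whose `__init__` is written in Python. The helper names (`run_untrusted`, `escape_works`, `ESCAPE`) are mine, not from the thread.

```python
"""Why exec(code, {'__builtins__': ...}) is not a sandbox.

Added example for the python-list thread above, not code from the posts.
"""
import os


def run_untrusted(code):
    """Run `code` the way the original post does: no builtins at all.

    Returns the globals dict so the caller can inspect what the code did.
    The empty dict plays the role of the post's None: open, __import__,
    getattr, isinstance and every other builtin name are unresolvable.
    """
    ns = {'__builtins__': {}}
    exec(code, ns)
    return ns


def builtins_are_hidden():
    """What the poster observed: direct use of a builtin fails."""
    try:
        run_untrusted("f = open('/etc/hostname')")
    except NameError:
        return True
    return False


# The escape. It needs no builtin: only attribute access, subscripting,
# a for loop, and a bare except (the exception class names are builtins too,
# so they cannot be named here).
ESCAPE = '''
imp = None
for cls in ().__class__.__base__.__subclasses__():
    try:
        g = cls.__init__.__globals__      # only Python-defined __init__ has this
    except:
        continue
    if '__builtins__' not in g:
        continue
    b = g['__builtins__']
    try:
        imp = b['__import__']            # imported modules hold a builtins dict
    except:
        imp = b.__import__               # __main__ holds the builtins module
    break
os = imp('os')
cwd = os.getcwd()
'''


def escape_works():
    """True if the 'sandboxed' code reached os.getcwd() through __subclasses__."""
    ns = run_untrusted(ESCAPE)
    return ns.get('cwd') == os.getcwd()


if __name__ == '__main__':
    print('builtins hidden from direct use:', builtins_are_hidden())
    print('escape via __subclasses__ works:', escape_works())
```

This is also why the reply's fix list is hard to make complete: replacing `__import__` in the sandbox namespace does nothing, because the escape never reads the sandbox's `__builtins__`; it reads the real builtins from the `__globals__` of an ordinary library function, which is exactly the "objects outside of the sandbox" exposure the reply warns against.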