Jean-Paul Calderone wrote:
> On Thu, 16 Feb 2006 07:59:03 -0800, Alex Martelli <[EMAIL PROTECTED]> wrote:
> >Graham <[EMAIL PROTECTED]> wrote:
> >
> >> I've been messing around with trying to get a small sandbox-like
> >> environment where I could execute Python code in a "safe" way.
> >> Basically what the old restricted execution module attempted to do.
> >> I've written a small amount of code to get a custom interpreter running,
> >> but I'm not really sure if it's safe.
> >>
> >> The way I'm controlling functionality is with some games and exec, so
> >> if 'code' was the text code you wanted to execute I run:
> >>
> >> exec code in {'__builtins__': None}
> >>
> >> Obviously this doesn't give you much to play with, but it does remove
> >> file access and importing as far as I can tell. Can anyone think of a
> >> hack around this? I assume if it was this easy it would be a module
> >> already but I figured I would ask.
> >
> >I suggest compiling the code and examining the names used in the code
> >object (co_names attribute of the code object which compile returns) --
> >refuse to execute the code if it mentions, defines or uses any special
> >name (starting and ending with two underscores). That, plus removing
> >almost all builtins as you do here, should be a good start.
>
> A good start, perhaps, but still in need of a good finish.
>
> """
> exec 'print ' + ''.join(map(chr, [
>     95, 95, 98, 117, 105, 108, 116, 105, 110, 115, 95, 95]))
> """
>
> You can come up with a long list of restrictions to impose, and maybe that
> will be good enough. But making it /perfect/ is a Herculean task, as is
> maintaining it as new Python releases are made, and auditing it every time
> you add a new piece of code to your system.
>
What about what's in Zope: http://svn.zope.org/Zope3/trunk/src/zope/security/untrustedinterpreter.txt?view=auto
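The co_names check suggested in the thread, written out as an added example that is not part of any poster's message: it is Python 3 (the thread's code is Python 2), the function names `special_names` and `is_allowed` are hypothetical, and the samples are constructed. It only compiles the samples, never runs them, and shows that the filter rejects names written literally, including inside nested function bodies, while the runtime-built name quoted in the thread passes unflagged.

```python
import types

def special_names(source):
    """Return the __dunder__ names that `source` mentions, defines or uses."""
    found = set()
    # compile() only builds code objects; nothing from `source` is executed.
    pending = [compile(source, "<untrusted>", "exec")]
    while pending:
        code = pending.pop()
        for name in code.co_names + code.co_varnames:
            if len(name) > 4 and name.startswith("__") and name.endswith("__"):
                found.add(name)
        # Function and class bodies are separate code objects held in co_consts,
        # so a check of the top-level co_names alone would miss them.
        pending.extend(c for c in code.co_consts if isinstance(c, types.CodeType))
    return sorted(found)

def is_allowed(source):
    """Static filter: accept only code with no special names."""
    return not special_names(source)

# Constructed samples (Python 3 syntax).
DIRECT = "x = __builtins__"
NESTED = "def f():\n    return __builtins__\n"
ATTRIBUTE = "y = (1).__class__"
# The character codes quoted in the thread; the name exists only at run time.
CODES = [95, 95, 98, 117, 105, 108, 116, 105, 110, 115, 95, 95]
RUNTIME = "exec('print(' + ''.join(map(chr, %r)) + ')')" % (CODES,)

if __name__ == "__main__":
    for label, src in [("direct", DIRECT), ("nested", NESTED),
                       ("attribute", ATTRIBUTE), ("runtime", RUNTIME)]:
        print(label, is_allowed(src), special_names(src))
```

The last sample is accepted because the name is assembled from integers at run time and never appears in any code object, so a static name filter has to be paired with restrictions on what the executed code can reach.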