On Thu, 16 Feb 2006 07:59:03 -0800, Alex Martelli <[EMAIL PROTECTED]> wrote:
>Graham <[EMAIL PROTECTED]> wrote:
>
>> I've been messing around with trying to get a small sandbox-like
>> environment where I could execute Python code in a "safe" way.
>> Basically what the old restricted execution module attempted to do.
>> I've written a small amount of code to get a custom interpreter running,
>> but I'm not really sure if it's safe.
>>
>> The way I'm controlling functionality is with some games and exec, so
>> if 'code' was the text code you wanted to execute I run:
>>
>> exec code in {'__builtins__': None}
>>
>> Obviously this doesn't give you much to play with, but it does remove
>> file access and importing as far as I can tell. Can anyone think of a
>> hack around this? I assume if it was this easy it would be a module
>> already, but I figured I would ask.
>
>I suggest compiling the code and examining the names used in the code
>object (co_names attribute of the code object which compile returns) --
>refuse to execute the code if it mentions, defines or uses any special
>name (starting and ending with two underscores). That, plus removing
>almost all builtins as you do here, should be a good start.
A good start, perhaps, but still in need of a good finish.

"""
exec 'print ' + ''.join(map(chr, [
    95, 95, 98, 117, 105, 108, 116, 105, 110, 115, 95, 95]))
"""

You can come up with a long list of restrictions to impose, and maybe that will be good enough. But making it /perfect/ is a Herculean task, as is maintaining it as new Python releases are made, and auditing it every time you add a new piece of code to your system. Just keep that in mind if you decide to pursue this.

Jean-Paul
--
http://mail.python.org/mailman/listinfo/python-list
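The exchange above pits a static check (compile, then reject any code object whose co_names contains a dunder name) against a payload that never spells the name out. The following is an added example, not code from either poster: it implements the proposed check, extended to walk nested code objects and string constants, and reports its verdict on three constructed inputs. The third input is Jean-Paul's construction ported to Python 3 call syntax (exec() and print()); the checker accepts it, because `__builtins__` exists only as a list of integer character codes until the inner exec runs. The example only runs the checker, not the sandboxed code.

```python
import types

# Static filter in the spirit of the thread's suggestion: refuse code that
# mentions any "special" name (two leading and two trailing underscores).
# Nested code objects (defs, lambdas, generator expressions) live in
# co_consts, so they are walked too.  As a stricter variant than the thread
# proposes, string constants are also inspected.
def is_dunder(name):
    return len(name) > 4 and name.startswith("__") and name.endswith("__")

def find_dunder_names(code):
    found = set()
    for name in code.co_names + code.co_varnames:
        if is_dunder(name):
            found.add(name)
    for const in code.co_consts:
        if isinstance(const, str) and is_dunder(const):
            found.add(const)
        elif isinstance(const, types.CodeType):
            found |= find_dunder_names(const)
    return found

def static_check(source):
    """Return (accepted, offending_names) for one piece of source text."""
    code = compile(source, "<sandbox>", "exec")
    bad = find_dunder_names(code)
    return (not bad, sorted(bad))

# Constructed inputs for the demonstration.
BENIGN = "total = sum(x * x for x in range(10))"
DIRECT = "print(__builtins__)"
# Jean-Paul's construction, ported from Python 2 statement syntax to Python 3
# exec()/print() calls.  The name __builtins__ is data here, not a name: the
# outer code object's co_names are exec, join, map and chr, and its constants
# are short strings and integers.
CONSTRUCTED = (
    "exec('print(' + ''.join(map(chr, "
    "[95, 95, 98, 117, 105, 108, 116, 105, 110, 115, 95, 95])) + ')')"
)

def verdicts():
    """Run the static check over the three constructed inputs."""
    return {label: static_check(src) for label, src in
            [("benign", BENIGN), ("direct", DIRECT), ("constructed", CONSTRUCTED)]}

if __name__ == "__main__":
    for label, (ok, names) in verdicts().items():
        print(f"{label:12s} accepted={ok} dunder_names={names}")
```

The direct reference is caught because LOAD_NAME records `__builtins__` in co_names; the constructed variant passes both the name scan and the constant scan, since the only place the string exists is in memory at run time. That gap is the general shape of Jean-Paul's point: a filter over the compiled artefact can only see what the compiler saw, so each new way of materialising a name at run time is another case to audit.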