http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/496746
[EMAIL PROTECTED] wrote:
> Hello, I am writing a pure-Python game engine that interprets the code
> of game objects within the same process with the exec statement. My
> main goal is to make as much power available as possible and exec seems
> like the best way to do that.
>
> This is my "proof-of-concept" code (only 18 lines and some whitespace,
> including the test):
>
> http://people.ucsc.edu/~jhofmann/programmables.py
>
> I showed this to the Pygame list and received some interest and a
> completely different, more sophisticated implementation:
>
> http://codereactor.net/~shang/interpret/
>
> As-is, both versions are wide-open security holes. I think that I can
> patch them up if I run checks on the statements and eliminate all
> language features that pose risks. Then, features that are useful but
> not needed at their full capacity can be accessed through functions
> designed to be secure. Forcing a crash is not considered an exploit for
> this purpose (since it's a game engine - if it crashes, the user can
> recover and lose no data)
>
> What I'd like to know is, is it possible to meet this level of
> security, and if so, which features have to be eliminated?
>
> The two that I'm sure should go are module imports and self-modifying
> code. But in the latter case, I don't know all the ways that might be
> done. It seems like a very complicated problem, and if I can't solve it
> I might leave the whole thing unsecured.

--
http://mail.python.org/mailman/listinfo/python-list
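
An added example, not part of the original post or of either linked implementation, of the statement check the quoted message proposes: parse the script with `ast`, reject imports and underscore-prefixed names and attributes, then exec it with only an explicit whitelist of functions in scope. The banned lists, `find_violations`, `run_script`, the `move` function and the sample scripts are assumptions for illustration, written for Python 3.

```python
import ast

# Assumed policy: statement types and names a game-object script may not use.
BANNED_NODES = (ast.Import, ast.ImportFrom, ast.Global, ast.Nonlocal)
BANNED_NAMES = {"exec", "eval", "compile", "open", "__import__", "globals",
                "locals", "vars", "getattr", "setattr", "delattr"}


def find_violations(source):
    """Return a sorted list of (lineno, reason) for constructs the policy rejects."""
    try:
        tree = ast.parse(source, mode="exec")
    except SyntaxError as err:
        return [(err.lineno or 0, "syntax error")]
    problems = []
    for node in ast.walk(tree):
        if isinstance(node, BANNED_NODES):
            problems.append((node.lineno, "banned statement: " + type(node).__name__))
        elif isinstance(node, ast.Name) and (
                node.id in BANNED_NAMES or node.id.startswith("_")):
            problems.append((node.lineno, "banned name: " + node.id))
        elif isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            # Underscore attributes expose object internals to the script.
            problems.append((node.lineno, "underscore attribute: " + node.attr))
    return sorted(problems)


def run_script(source, api):
    """Exec source only if it passes the check; api is the whitelist of callables."""
    problems = find_violations(source)
    if problems:
        raise ValueError(problems)
    scope = dict(api)
    scope["__builtins__"] = {}  # replace the default builtins with nothing
    exec(compile(source, "<game-object>", "exec"), scope)
    return scope


if __name__ == "__main__":
    # Constructed sample scripts.
    api = {"move": lambda n: n * 2}
    print(run_script("x = move(3)\ny = x + 1\n", api)["y"])
    print(find_violations("import os\n"))
    print(find_violations("a = 1\nb = stats.__dict__\n"))
```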