pysandbox 1.5 released
pysandbox is a Python sandbox. By default, untrusted code executed in the sandbox cannot modify the environment (write a file, use print or import a module). But you can configure the sandbox to choose exactly which features are allowed or not, e.g. import sys module and read /etc/issue file. http://pypi.python.org/pypi/pysandbox https://github.com/haypo/pysandbox/ Main changes since pysandbox 1.0.3: - More modules and functions are allowed: math, random and time modules, and the compile() builtin function for example - Drop the timeout feature: it was not effective on CPU intensive functions implemented in C - (Read the ChangeLog to see all changes.) pysandbox has known limitations: - it is unable to limit memory or CPU - it does not protect against bugs (e.g. crash) or vulnerabilities in CPython - dict methods able to modify a dict (e.g. dict.update) are disabled to protect the sandbox namespace, but dict[key]=value is still accepted It is recommanded to run untrusted code in a subprocess to workaround these limitations. pysandbox doesn't provide an helper yet. pysandbox is used by an IRC bot (fschfsch) to evaluate a Python expression. The bot uses fork() and setrlimit() to limit memory and to implement a timeout. https://github.com/haypo/pysandbox/wiki/fschfsch -- The limitation on dict methods is required to deny the modification of the __builtins__ dictionary. I proposed the PEP 416 (frozendict) but Guido van Rossum is going to reject it. I don't see how to fix this limitation without modifying CPython. http://www.python.org/dev/peps/pep-0416/ Victor -- http://mail.python.org/mailman/listinfo/python-announce-list Support the Python Software Foundation: http://www.python.org/psf/donations/
[ANN] Leipzig Python User Group - Meeting, March 20, 2012, 08:00 p.m.
=== Leipzig Python User Group === We will meet on Tuesday, March 20 at 8:00 p.m. at the training center of Python Academy in Leipzig, Germany ( http://www.python-academy.com/center/find.html ). Everybody who uses Python, plans to do so or is interested in learning more about the language is encouraged to participate. We will continue to work on our project "Python macht Schule" [1] creating Python teaching material for kids. While the meeting language will be mainly German, we will provide English translation if needed. Food and soft drinks are provided. Please send a short confirmation mail to i...@python-academy.de, so we can prepare appropriately. Current information about the meetings are at http://www.python-academy.com/user-group . Mike [1] https://bitbucket.org/PySV/python_macht_schule == Leipzig Python User Group === Wir treffen uns am Dienstag, 20.03.2012 um 20:00 Uhr im Schulungszentrum der Python Academy in Leipzig ( http://www.python-academy.de/Schulungszentrum/anfahrt.html ). Willkommen ist jeder, der Interesse an Python hat, die Sprache bereits nutzt oder nutzen möchte. Wir werden weiter an unserem Projekt "Python macht Schule" [1] arbeiten. Dabei geht es darum Materialien für Kinder zum Erlernen von Python zu erarbeiten. Für das leibliche Wohl wird gesorgt. Eine Anmeldung unter i...@python-academy.de wäre nett, damit wir genug Essen besorgen können. Aktuelle Informationen zu den Treffen sind unter http://www.python-academy.de/User-Group zu finden. Viele Grüße Mike [1] https://bitbucket.org/PySV/python_macht_schule -- http://mail.python.org/mailman/listinfo/python-announce-list Support the Python Software Foundation: http://www.python.org/psf/donations/