pysandbox 1.5 released

2012-03-20 Thread Victor Stinner
pysandbox is a Python sandbox. By default, untrusted code executed in
the sandbox cannot modify the environment (write a file, use print or
import a module). But you can configure the sandbox to choose exactly
which features are allowed or not, e.g. import sys module and read
/etc/issue file.

Main changes since pysandbox 1.0.3:

 - More modules and functions are allowed: math, random and time
modules, and the compile() builtin function for example
 - Drop the timeout feature: it was not effective on CPU intensive
functions implemented in C
 - (Read the ChangeLog to see all changes.)

pysandbox has known limitations:

 - it is unable to limit memory or CPU
 - it does not protect against bugs (e.g. crash) or vulnerabilities in CPython
 - dict methods able to modify a dict (e.g. dict.update) are disabled
to protect the sandbox namespace, but dict[key]=value is still

It is recommanded to run untrusted code in a subprocess to workaround
these limitations. pysandbox doesn't provide an helper yet.

pysandbox is used by an IRC bot (fschfsch) to evaluate a Python
expression. The bot uses fork() and setrlimit() to limit memory and to
implement a timeout.


The limitation on dict methods is required to deny the modification of
the __builtins__ dictionary. I proposed the PEP 416 (frozendict) but
Guido van Rossum is going to reject it. I don't see how to fix this
limitation without modifying CPython.


Support the Python Software Foundation:

[ANN] Leipzig Python User Group - Meeting, March 20, 2012, 08:00 p.m.

2012-03-20 Thread Mike Müller
=== Leipzig Python User Group ===

We will meet on Tuesday, March 20 at 8:00 p.m. at the training
center of Python Academy in Leipzig, Germany
( ).

Everybody who uses Python, plans to do so or is interested in
learning more about the language is encouraged to participate.

We will continue to work on our project "Python macht Schule" [1]
creating Python teaching material for kids.

While the meeting language will be mainly German, we will provide
English translation if needed.

Food and soft drinks are provided. Please send a short
confirmation mail to, so we can prepare

Current information about the meetings are at .



== Leipzig Python User Group ===

Wir treffen uns am Dienstag, 20.03.2012 um 20:00 Uhr
im Schulungszentrum der Python Academy in Leipzig
( ).

Willkommen ist jeder, der Interesse an Python hat, die Sprache
bereits nutzt oder nutzen möchte.

Wir werden weiter an unserem Projekt "Python macht Schule" [1]
arbeiten. Dabei geht es darum Materialien für Kinder zum Erlernen
von Python zu erarbeiten.

Für das leibliche Wohl wird gesorgt. Eine Anmeldung unter wäre nett, damit wir genug Essen
besorgen können.

Aktuelle Informationen zu den Treffen sind unter zu finden.

Viele Grüße


Support the Python Software Foundation: