Re: [pygame] Running 'cmd' module as a pythread?

[Rikard Bosnjakovic]

On 3/14/07, JoN [EMAIL PROTECTED] wrote:


(For some bizarre reason this never seems to have made it to the list.


It did.

--
- Rikard.

Re: [pygame] Running 'cmd' module as a pythread?

[Lenard Lindstrom]

JoN wrote:

(For some bizarre reason this never seems to have made it to the list.
Here it is again).

  


It was posted as a reply to BUG: problem with surface clipping region.


I know this is a python rather than pygame issue, but with all the multithreaded
talent on this list I thought somebody might have answers.

Has anybody here had experience with running the 'cmd' module:

http://docs.python.org/lib/module-cmd.html

-as a python thread?

Reasoning - I have a multithreaded environment and I dont want to write my own
command interpreter.  Rather I just want to be able to pretend to be a humble
thread and issue lock/unlock etc commands as any other thread would (ignore
thread-safety issues with modules for now, the other threads only use my 
modules).

Or a different command interpreter, if there is one?
  


It should work. Just keep all command interpreter management stuff in 
the same thread.


--
Lenard Lindstrom
[EMAIL PROTECTED]

Re: [pygame] Python bots in Galcon (or your game!) safe_eval

[Phil Hassey]

Quick update here:

- I've moved this code into a svn repository:
svn://www.imitationpickles.org/pysafe/trunk 
I've stripped the tests and notes and other misc. junk out of safe.py and put 
them in separate files so that safe.py is nice and small and easy to look at.

Since my initial mention here, a number of notable bugs have been caught
- removing type() - the biggest
- catching unicode __'s 
- lots of inner-reworking with better understanding of how python handles exec
- more and more tests 

My current biggest concern is the _BUILTIN_OK list.  If you look below it, I 
have a copy of the same from Zope.  They don't include some items that I do 
include - such as filter and slice and object.  Anyone know if those 
functions can be used for naughty activities?  Or why Zope excludes them?

Thanks for all the help!
Phil


Phil Hassey [EMAIL PROTECTED] wrote: Hey,

I spent some time today working on building a safe_eval function that would 
make it safe to run user submitted bots in games (Galcon, being that game ;)

http://www.imitationpickles.org/tmp/safe.py

The file includes links to a number of references on the topic, and why likely 
this won't work.  Anyway - I know a lot of you wanted to make bots for Galcon, 
so that's why I'm trying to put this together.  So if anyone can find security 
holes in my implementation, it would be a huge help - the more I find and get 
patched the more likely I am to actually release Galcon with ability for 
bot-plugins.

The known limitations at the top are things that I don't really want to fix - 
they are just limitations.  :)  I'm mainly interested in limiting what a bot 
can access (say other parts of the game code) and keeping them from using 
builtins like files, etc.

The two things I do in this script are:
- Step through the AST tree  and reject scripts that use any non-whitelisted 
node types.  A lot of python features are dropped, but enough are kept for 
building decent bots (the main bot from Galcon is ok as far as safe.py is 
concerned.)  I pretty much reject anything that falls into the magic category - 
generators, imports, execs, exceptions, etc...
- Replace non-whitelisted builtins with a function that raises an exception 
you used a bad builtin!, runs exec code in context and then restores all 
the builtins.

Anyway, feel free to poke around the code.  I think a working safe_eval would 
be a huge asset for games developed in python that want to have user submitted 
mods / bots.

Thanks!
Phil
   

-
It's here! Your new message!
Get  new email alerts with the free Yahoo! Toolbar.

 
-
8:00? 8:25? 8:40?  Find a flick in no time
 with theYahoo! Search movie showtime shortcut.