Makes sense, will do so.
___
Python-ideas mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at
https://mail.python.org/ar
I really appreciate the pointers, thank you. I will look into them.
___
Python-ideas mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Mess
Thank you for your insight.
>I hope you are at least aware that over the years various multi-year attempts
>to create Python sandboxes ultimately failed to the point of being altogether
>abandoned.
Yes I am, I have looked at pysandbox and RestrictedPython and I believe my
approach, albeit very
Have you looked at the diff? It's not "1000+" commits as you claim. It's 17
commits with most being README changes. The base is not the master branch but
the 3.11.0 release.
https://github.com/python/cpython/compare/3.11...R9295:cpython:policy
I do not see why you cannot audit and run this (or
Thank you for the insight. I have some more work to do! I will share on this
thread again when I've made further changes.
If you have some time, I would be grateful if you could share a few test cases
such as "bypass it by spinning off a new thread", or.
object.__subclasses__. code is not nece
I override the import mechanism in cpython, so yes, the __import__ function is
also accounted for.
The sys.modules was something I had not considered, that's a good point. I will
have to look into it.
I am not sure how arbitrary code execution will be able to use native APIs
without importing t
With Python being a language heavily utilized in server and end-user
applications, I would take a different approach for both. I have to admit I
haven't thought much about the "normal user" in this case and focused primarily
on developers. Perhaps developers shipping an application ship the code
Could you elaborate on how Python code can easily bypass that sort of
restriction?
>From my understanding, you can only do so with importlib by reading the raw
>source and evaluating it. In that case, I can just restrict importlib? Same
>with the open function which is from the io module which
Hello all,
Supply chain attacks are becoming a pressing concern in software development
due to the large number of dependencies and multiple attack vectors. Using
third party modules (libraries, packages etc) is always a risk but the true
potential of these attacks is now being weaponized. One
