Steven Bethard wrote:
Fuzzyman wrote:
Cameron Laird wrote:
[snip..]
This is a serious issue.
It's also one that brings Tcl, mentioned several
times in this thread, back into focus. Tcl presents
the notion of safe interpreter, that is, a sub-
ordinate virtual machine which
Dieter Maurer wrote:
Steven Bethard [EMAIL PROTECTED] writes on Tue, 25 Jan 2005
12:22:13 -0700:
Fuzzyman wrote:
...
A better (and of course *vastly* more powerful but unfortunately
only
a dream ;-) is a similarly limited python virutal machine.
I already wrote about the
Steven Bethard [EMAIL PROTECTED] writes on Tue, 25 Jan 2005 12:22:13 -0700:
Fuzzyman wrote:
...
A better (and of course *vastly* more powerful but unfortunately only
a dream ;-) is a similarly limited python virutal machine.
I already wrote about the RestrictedPython which is part of
On Tue, 25 Jan 2005 22:08:01 +0100, I wrote:
sys.safecall(func, maxcycles=1000)
could enter the safe mode and call the func.
This might be even enhanced like this:
import sys
sys.safecall(func, maxcycles=1000,
allowed_domains=['file-IO', 'net-IO', 'devices', 'gui'],
On Wed, Jan 26, 2005 at 05:18:59PM +0100, Alexander Schremmer wrote:
On Tue, 25 Jan 2005 22:08:01 +0100, I wrote:
sys.safecall(func, maxcycles=1000)
could enter the safe mode and call the func.
This might be even enhanced like this:
import sys
sys.safecall(func, maxcycles=1000,
Jack Diederich wrote:
Yes, this comes up every couple months and there is only one answer:
This is the job of the OS.
Java largely succeeds at doing sandboxy things because it was written that
way from the ground up (to behave both like a program interpreter and an OS).
Python the language was
It is really necessary to build a VM from the ground up that includes OS
ability? What about JavaScript?
On Wed, Jan 26, 2005 at 05:18:59PM +0100, Alexander Schremmer wrote:
On Tue, 25 Jan 2005 22:08:01 +0100, I wrote:
sys.safecall(func, maxcycles=1000)
could enter the safe mode and call the
On Wed, Jan 26, 2005 at 10:23:03AM -0700, Steven Bethard wrote:
Jack Diederich wrote:
Yes, this comes up every couple months and there is only one answer:
This is the job of the OS.
Java largely succeeds at doing sandboxy things because it was written that
way from the ground up (to behave
On Wed, Jan 26, 2005 at 10:39:18AM -0800, aurora wrote:
On Wed, Jan 26, 2005 at 05:18:59PM +0100, Alexander Schremmer wrote:
On Tue, 25 Jan 2005 22:08:01 +0100, I wrote:
sys.safecall(func, maxcycles=1000)
could enter the safe mode and call the func.
This might be even enhanced like
Jack Diederich wrote:
On Wed, Jan 26, 2005 at 10:23:03AM -0700, Steven Bethard wrote:
Jack Diederich wrote:
Yes, this comes up every couple months and there is only one answer:
This is the job of the OS.
Java largely succeeds at doing sandboxy things because it was written that
way from the
Fuzzyman wrote:
Cameron Laird wrote:
[snip..]
This is a serious issue.
It's also one that brings Tcl, mentioned several
times in this thread, back into focus. Tcl presents
the notion of safe interpreter, that is, a sub-
ordinate virtual machine which can interpret only
specific commands.
Steven Bethard wrote:
I wish there was a way to, say, exec something with no builtins and
with
import disabled, so you would have to specify all the available
bindings, e.g.:
exec user_code in dict(ClassA=ClassA, ClassB=ClassB)
but I suspect that even this wouldn't really solve
Steven Bethard wrote:
I wish there was a way to, say, exec something with no builtins and
with import disabled, so you would have to specify all the available
bindings, e.g.:
exec user_code in dict(ClassA=ClassA, ClassB=ClassB)
but I suspect that even this wouldn't really solve the
Steven Bethard wrote:
Michael Spencer wrote:
Safe eval recipe posted to cookbook:
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/364469
This recipe only evaluates constant expressions:
Description:
Evaluate constant expressions, including list, dict and tuple using the
abstract syntax
Michael Spencer wrote:
Steven Bethard wrote:
Michael Spencer wrote:
Safe eval recipe posted to cookbook:
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/364469
This recipe only evaluates constant expressions
[snip
Indeed. But it's easy to extend this to arbitrary constructs. You just
In article [EMAIL PROTECTED],
Michael Spencer [EMAIL PROTECTED] wrote:
.
.
.
Right - the crux of the problem is how to identify dangerous objects. My
point
is that if such as test is possible, then safe exec is very easily
Cameron Laird wrote:
In article [EMAIL PROTECTED],
Michael Spencer [EMAIL PROTECTED] wrote:
.
.
.
Right - the crux of the problem is how to identify dangerous objects. My point
is that if such as test is possible, then safe
17 matches
Mail list logo