Steven Bethard wrote:
> Fuzzyman wrote:
> > Cameron Laird wrote:
> > [snip..]
> >
> >>This is a serious issue.
> >>
> >>It's also one that brings Tcl, mentioned several
> >>times in this thread, back into focus. Tcl presents
> >>the notion of "safe interpreter", that is, a sub-
> >>ordin
Dieter Maurer wrote:
> Steven Bethard <[EMAIL PROTECTED]> writes on Tue, 25 Jan 2005
12:22:13 -0700:
> > Fuzzyman wrote:
> > ...
> > > A better (and of course *vastly* more powerful but unfortunately
only
> > > a dream ;-) is a similarly limited python virutal machine.
>
> I already wrote ab
Steven Bethard <[EMAIL PROTECTED]> writes on Tue, 25 Jan 2005 12:22:13 -0700:
> Fuzzyman wrote:
> ...
> > A better (and of course *vastly* more powerful but unfortunately only
> > a dream ;-) is a similarly limited python virutal machine.
I already wrote about the "RestrictedPython" which is
Jack Diederich wrote:
On Wed, Jan 26, 2005 at 10:23:03AM -0700, Steven Bethard wrote:
Jack Diederich wrote:
Yes, this comes up every couple months and there is only one answer:
This is the job of the OS.
Java largely succeeds at doing sandboxy things because it was written that
way from the ground
On Wed, Jan 26, 2005 at 10:39:18AM -0800, aurora wrote:
> >On Wed, Jan 26, 2005 at 05:18:59PM +0100, Alexander Schremmer wrote:
> >>On Tue, 25 Jan 2005 22:08:01 +0100, I wrote:
> >>
> >> sys.safecall(func, maxcycles=1000)
> >>> could enter the safe mode and call the func.
> >>
> >>This might be
On Wed, Jan 26, 2005 at 10:23:03AM -0700, Steven Bethard wrote:
> Jack Diederich wrote:
> >Yes, this comes up every couple months and there is only one answer:
> >This is the job of the OS.
> >Java largely succeeds at doing sandboxy things because it was written that
> >way from the ground up (to
It is really necessary to build a VM from the ground up that includes OS
ability? What about JavaScript?
On Wed, Jan 26, 2005 at 05:18:59PM +0100, Alexander Schremmer wrote:
On Tue, 25 Jan 2005 22:08:01 +0100, I wrote:
sys.safecall(func, maxcycles=1000)
> could enter the safe mode and call
Jack Diederich wrote:
Yes, this comes up every couple months and there is only one answer:
This is the job of the OS.
Java largely succeeds at doing sandboxy things because it was written that
way from the ground up (to behave both like a program interpreter and an OS).
Python the language was not
On Wed, Jan 26, 2005 at 05:18:59PM +0100, Alexander Schremmer wrote:
> On Tue, 25 Jan 2005 22:08:01 +0100, I wrote:
>
> sys.safecall(func, maxcycles=1000)
> > could enter the safe mode and call the func.
>
> This might be even enhanced like this:
>
> >>> import sys
> >>> sys.safecall(func,
On Tue, 25 Jan 2005 22:08:01 +0100, I wrote:
sys.safecall(func, maxcycles=1000)
> could enter the safe mode and call the func.
This might be even enhanced like this:
>>> import sys
>>> sys.safecall(func, maxcycles=1000,
allowed_domains=['file-IO', 'net-IO', 'devices', 'gui'
Cameron Laird wrote:
In article <[EMAIL PROTECTED]>,
Michael Spencer <[EMAIL PROTECTED]> wrote:
.
.
.
Right - the crux of the problem is how to identify dangerous objects. My point
is that if such as test is possible, then s
In article <[EMAIL PROTECTED]>,
Michael Spencer <[EMAIL PROTECTED]> wrote:
.
.
.
>Right - the crux of the problem is how to identify dangerous objects. My
>point
>is that if such as test is possible, then safe exec is very
On Tue, 25 Jan 2005 12:22:13 -0700, Steven Bethard wrote:
> >>This is a serious issue.
> >>
> >>It's also one that brings Tcl, mentioned several
> >>times in this thread, back into focus. Tcl presents
> >>the notion of "safe interpreter", that is, a sub-
> >>ordinate virtual machine which c
Michael Spencer wrote:
Steven Bethard wrote:
Michael Spencer wrote:
Safe eval recipe posted to cookbook:
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/364469
This recipe only evaluates constant expressions
[snip
Indeed. But it's easy to extend this to arbitrary constructs. You just
ne
Steven Bethard wrote:
Michael Spencer wrote:
Safe eval recipe posted to cookbook:
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/364469
This recipe only evaluates constant expressions:
"Description:
Evaluate constant expressions, including list, dict and tuple using the
abstract syntax t
Michael Spencer wrote:
Safe eval recipe posted to cookbook:
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/364469
This recipe only evaluates constant expressions:
"Description:
Evaluate constant expressions, including list, dict and tuple using the
abstract syntax tree created by compiler
Steven Bethard wrote:
>
> I wish there was a way to, say, exec something with no builtins and
> with import disabled, so you would have to specify all the available
> bindings, e.g.:
>
> exec user_code in dict(ClassA=ClassA, ClassB=ClassB)
>
> but I suspect that even this wouldn't really solve
Steven Bethard wrote:
>
> I wish there was a way to, say, exec something with no builtins and
with
> import disabled, so you would have to specify all the available
> bindings, e.g.:
>
> exec user_code in dict(ClassA=ClassA, ClassB=ClassB)
>
> but I suspect that even this wouldn't really
Fuzzyman wrote:
> Cameron Laird wrote:
> [snip..]
>
>>This is a serious issue.
>>
>>It's also one that brings Tcl, mentioned several
>>times in this thread, back into focus. Tcl presents
>>the notion of "safe interpreter", that is, a sub-
>>ordinate virtual machine which can interpret only
>>speci
19 matches
Mail list logo