Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #2540
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!news.albasani.net!feeder.news-service.com!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <rosuav@gmail.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.000 |
| X-Spam-Evidence | '*H*': 1.00; '*S*': 0.00; 'python,': 0.01; 'subject:module': 0.04; 'instance,': 0.05; 'skip:p 60': 0.05; 'string,': 0.05; 'mess': 0.07; 'symbols': 0.07; 'python': 0.07; 'can.': 0.09; 'disable': 0.09; 'empty,': 0.09; 'function:': 0.09; 'globals': 0.09; 'hash': 0.09; 'interpreter,': 0.09; 'top-level': 0.09; 'variables.': 0.09; 'am,': 0.14; 'wrote:': 0.14; 'subject:python': 0.15; '(note:': 0.16; '.py': 0.16; 'altogether,': 0.16; 'dictionary,': 0.16; 'dictionary:': 0.16; 'pymethoddef': 0.16; 'code.': 0.18; 'input': 0.18; 'stuff': 0.18; 'importing': 0.19; 'situation.': 0.19; 'wondering': 0.19; 'modules': 0.20; 'code,': 0.20; 'work,': 0.20; '(or': 0.22; 'code': 0.22; 'header:In-Reply-To:1': 0.22; 'file,': 0.22; 'insert': 0.22; 'manually': 0.22; 'mon,': 0.22; 'do,': 0.22; 'module,': 0.23; 'objects': 0.24; 'point,': 0.25; 'assume': 0.25; 'creating': 0.26; 'script': 0.26; 'define': 0.26; 'environment': 0.26; 'environment.': 0.26; 'chris': 0.27; 'function': 0.27; 'message-id:@mail.gmail.com': 0.28; 'loaded': 0.29; 'certainly': 0.29; 'matches': 0.29; 'do.': 0.31; 'server.': 0.31; 'construct': 0.31; 'lock': 0.31; 'more)': 0.31; 'import': 0.32; 'called': 0.32; 'to:addr:python-list': 0.32; 'done': 0.32; 'idea': 0.32; "i've": 0.33; 'option': 0.33; 'things': 0.33; 'someone': 0.33; 'bit': 0.33; 'fairly': 0.33; '(for': 0.33; 'uses': 0.34; 'file': 0.35; 'that,': 0.35; 'couple': 0.35; 'maintained': 0.35; 'skip:f 40': 0.35; 'hello,': 0.36; 'none': 0.36; 'problem.': 0.36; 'enough': 0.37; 'else': 0.37; 'some': 0.37; 'received:209.85': 0.37; 'apr': 0.38; 'received:google.com': 0.38; 'ways': 0.38; 'but': 0.38; 'third': 0.38; 'unless': 0.38; 'set': 0.39; 'to:addr:python.org': 0.39; 'could': 0.39; 'received:209': 0.39; 'add': 0.39; 'similar': 0.40; "it's": 0.40; 'header:Received:5': 0.40; 'might': 0.40; '2011': 0.62; 'making': 0.62; 'wide': 0.63; 'ever': 0.65; 'reads': 0.65; 'what,': 0.68; 'states': 0.69; "'true'": 0.84; '10:44': 0.84; 'nathan': 0.84; 'received:209.85.210.174': 0.84; 'received :mail-iy0-f174.google.com': 0.84; 'safe;': 0.84 |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type:content-transfer-encoding; bh=OqNBzzHr7LQsAJQKr78ONmE/oU6lBJiXv9sC6UVIlYc=; b=TQmRolCLjRpeG3OV50em7nhSCsp5GoD3vdHAScBdR2dAONq/rKsqS0R66LbPJsleSD 0kmmfTbVZ34rl01SAVWt4JALhlfB9+wXrX6C6CAACb9TBD1Ne+CGyq7hg22hdUTgufEO ZM9dL5DwCQbabbkOJPWELv/DxTnD3tEuwJkzU= |
| DomainKey-Signature | a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=dZgFRY5BLzyeaqQ5n3RR3IDG6ptxeVD/63Ys3++ACS6KtgJ0Y/ITj86W2Fww01fkGu lgJpjK3VbjHHWvQVwOfBqs3YPsgrqm/NuTo+8MV3CBdl53r9HI6RFTMPK09QvGOU7Hzo lnGLW12Ypk0xUBvPAq6HFhDgh6twne/fTVBCI= |
| MIME-Version | 1.0 |
| In-Reply-To | <BANLkTinWBwXWP0BTMJjd2=CxWqNJjLpY3Q@mail.gmail.com> |
| References | <BANLkTinWBwXWP0BTMJjd2=CxWqNJjLpY3Q@mail.gmail.com> |
| Date | Mon, 4 Apr 2011 11:03:07 +1000 |
| Subject | Re: Looking for ideas on controlling python module loading |
| From | Chris Angelico <rosuav@gmail.com> |
| To | python-list@python.org |
| Content-Type | text/plain; charset=ISO-8859-1 |
| Content-Transfer-Encoding | quoted-printable |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.12 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.175.1301878996.2990.python-list@python.org> (permalink) |
| Lines | 57 |
| NNTP-Posting-Host | 82.94.164.166 |
| X-Trace | 1301878997 news.xs4all.nl 41103 [::ffff:82.94.164.166]:44321 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | x330-a1.tempe.blueboxinc.net comp.lang.python:2540 |
Show key headers only | View raw
On Mon, Apr 4, 2011 at 10:44 AM, Nathan Coulson <conathan@gmail.com> wrote:
> Hello, I am working on a client/server program (game) that uses C w/
> an embedded python interpreter, that uses python to script what
> objects do in the game. (primarily a C environment)
>
> I was wondering if it is possible to control what modules get loaded
> (or not). perhaps by determining if the hash of the local file
> matches a hash provided by the server.
>
> I was also wondering, if you could construct a module, without a .py
> file, and define functions and variables.
You certainly can. I assume your idea is that you write the C code,
but someone else can write the Python, and you want to lock it down?
That's what I have in this system at work, and it's fairly easy to
sandbox.
(Note: This uses Python 2. Some things may be different in Python 3.)
There's three easy ways to set up the global dictionary:
1) py_globals=PyDict_New(); //Completely empty, not very useful. You
don't even get stuff like 'True' unless you manually add them.
2) py_globals=PyModule_GetDict(PyImport_AddModule("__main__")); //This
gives an environment similar to IDLE. Fairly wide open.
3) py_globals=PyModule_GetDict(PyImport_AddModule("__builtin__"));
//Restricted environment.
Go with the third option and you get easy control over what the Python
code can do. I then disable a number of functions with
PyDict_DelItemString (for instance, input and raw_input - my program
has no console); you could alternatively replace those symbols with
something of your own (maybe replace raw_input with something that
reads from the socket??), or leave them if they're not going to be a
problem.
What I did was to disable importing altogether, and import a specific
set of modules (math, string, and a couple more) manually. That
ensures that, no matter what, the sandbox is safe; but this might not
be well suited to your situation.
As to creating modules - I've never done that per se, but it's easy
enough to create a Py-callable function inside your C code. In what I
do, it's easier to simply insert that into the globals dictionary,
making it a top-level function:
PyMethodDef fnc={"functionname",functionname,1,"Function Description"};
PyDict_SetItemString(py_globals,"functionname",PyCFunction_New(&fnc,0));
Note by the way that I "cheat" the refcounting a bit with this
initialization code, since it is only ever called once and then the
global state is maintained through the whole program. If you need
multiple states or need to clean up the mess at some point, you may
need to check the refcounts to make sure none are leaked.
Hope that's of value!
Chris Angelico
Back to comp.lang.python | Previous | Next | Find similar | Unroll thread
Re: Looking for ideas on controlling python module loading Chris Angelico <rosuav@gmail.com> - 2011-04-04 11:03 +1000
csiph-web