Path: csiph.com!usenet.pasdenom.info!news.albasani.net!newsfeed.freenet.ag!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.000 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'wiki': 0.03; 'languages,': 0.04; '[0]': 0.07; 'objects,': 0.07; 'scripts': 0.09; 'python': 0.09; 'to:addr:comp.lang.python': 0.09; 'url:pypy': 0.09; 'variants': 0.09; 'cc:addr:python-list': 0.10; 'ironpython': 0.16; 'runtimes': 0.16; 'scripting.': 0.16; 'scripts.': 0.16; 'wrote:': 0.17; 'url:moin': 0.17; 'all,': 0.21; 'java': 0.21; 'help.': 0.22; 'cc:2**0': 0.23; 'cc:no real name:2**0': 0.24; 'script': 0.24; 'cc:addr:python.org': 0.25; 'header:In-Reply-To:1': 0.25; 'header :User-Agent:1': 0.26; 'url:wiki': 0.26; '(see': 0.27; '[1]': 0.27; 'environment.': 0.27; 'question': 0.27; '(as': 0.27; 'authors': 0.27; 'environment': 0.29; 'restricted': 0.29; '"the': 0.29; 'classes': 0.30; 'url:python': 0.32; 'file': 0.32; 'received:google.com': 0.34; 'thanks': 0.34; 'received:209.85': 0.35; 'url:org': 0.36; 'modules': 0.36; 'execute': 0.37; 'october': 0.37; 'received:209': 0.37; 'received:209.85.216': 0.37; 'subject:: ': 0.38; 'url:en': 0.38; 'page': 0.38; 'several': 0.39; 'system.': 0.39; 'your': 0.60; 'execution,': 0.91; 'url:sandbox': 0.95 Newsgroups: comp.lang.python Date: Sat, 6 Oct 2012 02:11:54 -0700 (PDT) In-Reply-To: Complaints-To: groups-abuse@google.com Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=122.167.240.170; posting-account=uPFZNQoAAAAm9w7z13q1SjWNKNjztdcD References: User-Agent: G2/1.0 X-Google-Web-Client: true X-Google-IP: 122.167.240.170 MIME-Version: 1.0 Subject: Re: Executing untrusted scripts in a sandboxed environment From: Ramchandra Apte To: comp.lang.python@googlegroups.com Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: python-list@python.org X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Message-ID: Lines: 28 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1349514717 news.xs4all.nl 6985 [2001:888:2000:d::a6]:37238 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:30878 On Saturday, 6 October 2012 04:00:08 UTC+5:30, Robin Krahl wrote: > Hi all, >=20 > I need to execute untrusted scripts in my Python application. To avoid se= curity issues, I want to use a sandboxed environment. This means that the s= cript authors have no access to the file system. They may only access objec= ts, modules and classes that are "flagged" or "approved" for scripting. >=20 > I read that I will not be able to do this with Python scripts. (See Sandb= oxedPython page in the Python wiki [0] and several SE.com questions, e. g. = [1].) So my question is: What is the best way to "embed" a script engine in= a sandboxed environment that has access to the Python modules and classes = that I provide? >=20 > Thanks for your help. >=20 > Best regards, > Robin >=20 > [0] http://wiki.python.org/moin/SandboxedPython > [1] http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-i= n-pure-python >From http://wiki.python.org/moin/SandboxedPython "The Java and CLR/.NET runtimes support restricted execution, and these can= be utilised through the Jython and IronPython variants of Python (as well = as by other languages, obviously)." You can also check out http://doc.pypy.org/en/latest/sandbox.html for PyPy'= s sandbox