Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #30879
| References | <4hrls608xbax633ej6s1n54j.1349475464556@email.android.com> <mailman.1894.1349507969.27098.python-list@python.org> <3585c6f6-4152-4163-873b-396a0f73ba3b@googlegroups.com> |
|---|---|
| Date | 2012-10-06 19:23 +1000 |
| Subject | Re: Executing untrusted scripts in a sandboxed environment |
| From | Chris Angelico <rosuav@gmail.com> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.1897.1349515398.27098.python-list@python.org> (permalink) |
On Sat, Oct 6, 2012 at 7:10 PM, Ramchandra Apte <maniandram01@gmail.com> wrote: > On Saturday, 6 October 2012 12:49:29 UTC+5:30, Chris Angelico wrote: >> On Sat, Oct 6, 2012 at 8:22 AM, Robin Krahl <me@robin-krahl.de> wrote: >> > What is the best way to "embed" a script engine in a sandboxed environment that has access to the Python modules and classes that I provide? >> >> With extreme difficulty. > > Something like ast.literal_eval may be useful. Not really; it's hardly sufficient. That sort of feature is handy for making an expression evaluator; for instance, you could implement a powerful calculator with it. But it's far too limited for most applications. The main problem is permitting some of the basic builtins (like True, False, len(), etc), without those objects being used as gateways. Did you know, for instance, that len.__self__.open() can be used to read and write files on the file system? ChrisA
Back to comp.lang.python | Previous | Next — Previous in thread | Find similar | Unroll thread
Re: Executing untrusted scripts in a sandboxed environment Chris Angelico <rosuav@gmail.com> - 2012-10-06 17:19 +1000
Re: Executing untrusted scripts in a sandboxed environment Ramchandra Apte <maniandram01@gmail.com> - 2012-10-06 02:10 -0700
Re: Executing untrusted scripts in a sandboxed environment Chris Angelico <rosuav@gmail.com> - 2012-10-06 19:23 +1000
csiph-web