Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #30879
| Path | csiph.com!usenet.pasdenom.info!aioe.org!news.stack.nl!newsfeed.xs4all.nl!newsfeed5.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <rosuav@gmail.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.009 |
| X-Spam-Evidence | '*H*': 0.98; '*S*': 0.00; 'true,': 0.04; 'false,': 0.07; 'python': 0.09; 'builtins': 0.09; 'system?': 0.09; '(like': 0.15; 'sat,': 0.15; 'calculator': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'oct': 0.16; 'wrote:': 0.17; 'instance,': 0.17; 'sort': 0.21; 'received:209.85.214.174': 0.21; 'feature': 0.24; 'script': 0.24; 'header:In-Reply-To:1': 0.25; 'am,': 0.27; 'message-id:@mail.gmail.com': 0.27; 'chris': 0.28; 'environment': 0.29; 'objects': 0.29; 'classes': 0.30; 'basic': 0.30; 'implement': 0.32; 'file': 0.32; 'could': 0.32; 'problem': 0.33; 'to:addr:python-list': 0.33; 'received:google.com': 0.34; 'pm,': 0.35; 'received:209.85': 0.35; 'something': 0.35; 'but': 0.36; 'modules': 0.36; 'too': 0.36; 'october': 0.37; 'being': 0.37; 'received:209': 0.37; 'far': 0.37; 'subject:: ': 0.38; 'files': 0.38; 'some': 0.38; 'to:addr:python.org': 0.39; 'received:209.85.214': 0.39; 'header:Received:5': 0.40; 'most': 0.61; 'making': 0.64; 'useful.': 0.65; 'etc),': 0.84; 'hardly': 0.84 |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=4nne4PoRX+3idWwZxWoYnPNNoykiji6eB+ioh/mv6E8=; b=zFDrlFLgI21CeFm1KYYxKvJKPyHWiiV3nCq8p5UVmYu56W0vjGWfTHEQ5CoCr6kCN3 DHNao8DfQunlW9tZPBf+H4G3gfOJowOXSjpNtD79NGsTVRzSBLfVvHCUvxcu46wRVP65 tnUA2iPB7ifr3ikPMx9aVLNQlFg+/ZB9vX9JWDkW5OskVTrEMKpnlPokL+tXuoLxGqkU tiUW+Lzrd+LqL3qokYpTCIfNdOIapB/Gau5syT5ilVg6H/TqM7VVCSdihsPUFuCcVg1/ 7QcvIqg+yTi5jJ94RxOgwUXtaPSglbRZ47FIWYx7FohJbsX/ga1W/M2LIabyfYjgz9dV HwVA== |
| MIME-Version | 1.0 |
| In-Reply-To | <3585c6f6-4152-4163-873b-396a0f73ba3b@googlegroups.com> |
| References | <4hrls608xbax633ej6s1n54j.1349475464556@email.android.com> <mailman.1894.1349507969.27098.python-list@python.org> <3585c6f6-4152-4163-873b-396a0f73ba3b@googlegroups.com> |
| Date | Sat, 6 Oct 2012 19:23:16 +1000 |
| Subject | Re: Executing untrusted scripts in a sandboxed environment |
| From | Chris Angelico <rosuav@gmail.com> |
| To | python-list@python.org |
| Content-Type | text/plain; charset=ISO-8859-1 |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.15 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.1897.1349515398.27098.python-list@python.org> (permalink) |
| Lines | 20 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1349515398 news.xs4all.nl 6954 [2001:888:2000:d::a6]:45396 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | csiph.com comp.lang.python:30879 |
Show key headers only | View raw
On Sat, Oct 6, 2012 at 7:10 PM, Ramchandra Apte <maniandram01@gmail.com> wrote: > On Saturday, 6 October 2012 12:49:29 UTC+5:30, Chris Angelico wrote: >> On Sat, Oct 6, 2012 at 8:22 AM, Robin Krahl <me@robin-krahl.de> wrote: >> > What is the best way to "embed" a script engine in a sandboxed environment that has access to the Python modules and classes that I provide? >> >> With extreme difficulty. > > Something like ast.literal_eval may be useful. Not really; it's hardly sufficient. That sort of feature is handy for making an expression evaluator; for instance, you could implement a powerful calculator with it. But it's far too limited for most applications. The main problem is permitting some of the basic builtins (like True, False, len(), etc), without those objects being used as gateways. Did you know, for instance, that len.__self__.open() can be used to read and write files on the file system? ChrisA
Back to comp.lang.python | Previous | Next — Previous in thread | Find similar | Unroll thread
Re: Executing untrusted scripts in a sandboxed environment Chris Angelico <rosuav@gmail.com> - 2012-10-06 17:19 +1000
Re: Executing untrusted scripts in a sandboxed environment Ramchandra Apte <maniandram01@gmail.com> - 2012-10-06 02:10 -0700
Re: Executing untrusted scripts in a sandboxed environment Chris Angelico <rosuav@gmail.com> - 2012-10-06 19:23 +1000
csiph-web