Path: csiph.com!usenet.pasdenom.info!weretis.net!feeder4.news.weretis.net!ecngs!feeder2.ecngs.de!newsfeed.freenet.ag!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.000 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'wiki': 0.03; '[0]': 0.07; 'objects,': 0.07; 'scripts': 0.09; 'python': 0.09; 'experimental': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'throw': 0.09; '"python': 0.16; 'received:80.91.229.3': 0.16; 'received:plane.gmane.org': 0.16; 'scripting.': 0.16; 'scripts.': 0.16; 'wrote:': 0.17; 'url:moin': 0.17; 'all,': 0.21; 'help.': 0.22; 'script': 0.24; 'header:In-Reply-To:1': 0.25; 'header:User- Agent:1': 0.26; 'url:wiki': 0.26; '(see': 0.27; '[1]': 0.27; 'environment.': 0.27; 'question': 0.27; 'authors': 0.27; 'header:X -Complaints-To:1': 0.28; 'environment': 0.29; 'classes': 0.30; 'point': 0.31; 'url:python': 0.32; 'file': 0.32; 'from:addr:yahoo.co.uk': 0.32; 'to:addr:python-list': 0.33; 'thanks': 0.34; 'something': 0.35; 'received:org': 0.36; 'url:org': 0.36; 'modules': 0.36; 'execute': 0.37; 'subject:: ': 0.38; 'mark': 0.38; 'page': 0.38; 'several': 0.39; 'system.': 0.39; 'to:addr:python.org': 0.39; 'header:Received:5': 0.40; 'your': 0.60; 'url:forums': 0.84 X-Injected-Via-Gmane: http://gmane.org/ To: python-list@python.org From: Mark Lawrence Subject: Re: Executing untrusted scripts in a sandboxed environment Date: Sat, 06 Oct 2012 11:36:49 +0100 References: <4hrls608xbax633ej6s1n54j.1349475464556@email.android.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Gmane-NNTP-Posting-Host: host-92-24-212-4.ppp.as43234.net User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:15.0) Gecko/20120907 Thunderbird/15.0.1 In-Reply-To: <4hrls608xbax633ej6s1n54j.1349475464556@email.android.com> X-Antivirus: avast! (VPS 121006-0, 06/10/2012), Outbound message X-Antivirus-Status: Clean X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 28 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1349519760 news.xs4all.nl 6888 [2001:888:2000:d::a6]:37087 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:30884 On 05/10/2012 23:22, Robin Krahl wrote: > Hi all, > > I need to execute untrusted scripts in my Python application. To avoid security issues, I want to use a sandboxed environment. This means that the script authors have no access to the file system. They may only access objects, modules and classes that are "flagged" or "approved" for scripting. > > I read that I will not be able to do this with Python scripts. (See SandboxedPython page in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What is the best way to "embed" a script engine in a sandboxed environment that has access to the Python modules and classes that I provide? > > Thanks for your help. > > Best regards, > Robin > > [0] http://wiki.python.org/moin/SandboxedPython > [1] http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python > As good a starting point as any http://www.velocityreviews.com/forums/t716131-challenge-escape-from-the-pysandbox.html ? Also throw "python experimental sandbox" into your search engine and follow your nose, something might come up smelling of roses :) -- Cheers. Mark Lawrence.