Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #30884 > unrolled thread

Re: Executing untrusted scripts in a sandboxed environment

Back to article view | Back to comp.lang.python

This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.

Contents

  Re: Executing untrusted scripts in a sandboxed environment Mark Lawrence <breamoreboy@yahoo.co.uk> - 2012-10-06 11:36 +0100

#30884 — Re: Executing untrusted scripts in a sandboxed environment

On 05/10/2012 23:22, Robin Krahl wrote:
> Hi all,
>
> I need to execute untrusted scripts in my Python application. To avoid security issues, I want to use a sandboxed environment. This means that the script authors have no access to the file system. They may only access objects, modules and classes that are "flagged" or "approved" for scripting.
>
> I read that I will not be able to do this with Python scripts. (See SandboxedPython page in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What is the best way to "embed" a script engine in a sandboxed environment that has access to the Python modules and classes that I provide?
>
> Thanks for your help.
>
> Best regards,
>      Robin
>
> [0] http://wiki.python.org/moin/SandboxedPython
> [1] http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python
>

As good a starting point as any 
http://www.velocityreviews.com/forums/t716131-challenge-escape-from-the-pysandbox.html 
?

Also throw "python experimental sandbox" into your search engine and 
follow your nose, something might come up smelling of roses :)

-- 
Cheers.

Mark Lawrence.

[toc] | [standalone]

Back to top | Article view | comp.lang.python

csiph-web