On Wed, Apr 6, 2016, at 21:45, Steven D'Aprano wrote:
> And you would have to do something about the unfortunate matter that
> modules have a reference to the unrestricted __builtins__:
>
> py> os.__builtins__['eval']
> <built-in function eval>

Well, I thought that the solution being discussed uses AST to generally
forbid accessing attributes beginning with _ (you could also implement a
whitelist there)

> And because modules are singletons, it's not just a matter of replacing
> the __builtins__ with a more restrictive one, as that would affect
> trusted modules outside the sandbox too.

There's nothing actually preventing creating a module with the same name
as a "real" one, not registered in sys.modules, and having it in the
sandbox's sys.modules (the sandbox's sys module itself being a fake
module) to be imported by the sandbox's __import__. __import__ doesn't
even have to return a module - you could return some other object, maybe
one that proxies whitelisted name accesses to the real module.

--
https://mail.python.org/mailman/listinfo/python-list
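As an added illustration of the two mechanisms the reply above describes (an AST pass that refuses underscore-prefixed attribute and name access, and a sandbox `__import__` that hands back a proxy exposing only whitelisted names instead of the real module), here is example code that is not from the thread or from any sandbox project. The `ModuleProxy` class, the `run_sandboxed` and `is_rejected` helpers, and the contents of `MODULE_WHITELIST` are assumptions made for this example.

```python
import ast
import importlib


class SandboxViolation(Exception):
    """Raised when sandboxed source or a sandboxed import breaks a rule."""


class UnderscoreChecker(ast.NodeVisitor):
    """Static pass: refuse any attribute or bare name that begins with '_'.

    This is what stops sandboxed source from spelling out things like
    ``mod.__builtins__`` or ``__builtins__`` before it is ever executed.
    """

    def visit_Attribute(self, node):
        if node.attr.startswith("_"):
            raise SandboxViolation(f"private attribute access: .{node.attr}")
        self.generic_visit(node)

    def visit_Name(self, node):
        if node.id.startswith("_"):
            raise SandboxViolation(f"private name access: {node.id}")
        self.generic_visit(node)


def check_source(source):
    """Parse and vet sandboxed source, returning the AST if it passes."""
    tree = ast.parse(source)
    UnderscoreChecker().visit(tree)
    return tree


class ModuleProxy:
    """Object the sandbox's __import__ returns in place of the real module.

    Only names in ``allowed`` are forwarded; anything else, including the
    real module's ``__builtins__`` and ``__dict__``, raises SandboxViolation.
    (Hypothetical helper written for this example.)
    """

    def __init__(self, name, real_module, allowed):
        self.__name__ = name
        self._real = real_module
        self._allowed = frozenset(allowed)

    def __getattr__(self, attr):
        # Only reached when normal lookup fails, i.e. for forwarded names.
        if attr not in self._allowed:
            raise SandboxViolation(f"{self.__name__}.{attr} is not whitelisted")
        return getattr(self._real, attr)


# Constructed whitelist for the example: module name -> names it may expose.
MODULE_WHITELIST = {
    "math": {"sqrt", "pi", "floor"},
}


def make_sandbox_import(whitelist):
    """Build the __import__ replacement installed into the sandbox's builtins."""

    def sandbox_import(name, globals=None, locals=None, fromlist=(), level=0):
        if level != 0 or name not in whitelist:
            raise SandboxViolation(f"import of {name!r} is not allowed")
        # The real module is loaded outside the sandbox and never handed over.
        return ModuleProxy(name, importlib.import_module(name), whitelist[name])

    return sandbox_import


def run_sandboxed(source, whitelist=MODULE_WHITELIST):
    """Vet, compile and run ``source`` with a private builtins dict.

    Returns whatever the sandboxed code bound to the name ``result``.
    ``getattr``, ``vars`` and ``type`` are deliberately absent from the
    builtins: they would reach underscore names at run time without
    spelling them in the syntax the static pass inspects.
    """
    tree = check_source(source)
    safe_builtins = {
        "abs": abs, "len": len, "range": range, "min": min, "max": max,
        "sum": sum, "__import__": make_sandbox_import(whitelist),
    }
    namespace = {"__builtins__": safe_builtins}
    exec(compile(tree, "<sandbox>", "exec"), namespace)
    return namespace.get("result")


def is_rejected(source):
    """True if the sandbox refuses ``source`` (statically or at run time)."""
    try:
        run_sandboxed(source)
    except SandboxViolation:
        return True
    return False


if __name__ == "__main__":
    print(run_sandboxed("import math\nresult = math.sqrt(16)"))    # 4.0
    print(is_rejected("import math\nresult = math.__builtins__"))  # True
    print(is_rejected("import math\nresult = math.sin(1)"))        # True
    print(is_rejected("import os"))                                # True
```

The `import` statement inside the sandboxed code resolves `__import__` from the private `__builtins__` dict, so the sandbox never touches the real `sys.modules` or the real module objects; `from math import sin` fails the same way as `math.sin`, because the name lookup goes through the proxy. The static pass only sees literal syntax, which is why the builtins dict omits `getattr` and similar dynamic-lookup functions: what the static check cannot see has to be kept out of reach by the runtime environment instead.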