On Fri, Nov 19, 2021 at 7:09 AM lucas <sjluk...@gmail.com> wrote:
>
> hello one and all,
>
> are there any other ways to import a module or package other than the
> "import" or "from...import..." statements? i ask because i'm allowing
> programming on my web2py website and i don't want any accessing packages like
> os or sys.
>
> thank you in advance and have a great day, lucas
>

Yes, there are many. For starters, the importlib module can do anything that importing can do, as can the __import__ function. Plus, with Python code, you could open the file, read from it, and exec it. There are myriad ways to fetch up code, and it's even possible to break out of a sandbox without ever using a single underscore.

If you're trying to make a Python-in-Python sandbox, I recommend not. Instead, use an OS-level sandbox (a chroot, probably some sort of CPU usage limiting, etc), and use that to guard the entire Python process. Python-in-Python will basically *never* be secure.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list
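
The advice above about guarding the whole interpreter process, sketched as an added example that is not part of the original post: the submitted source runs in a separate interpreter whose CPU time and address space are capped by the kernel, with no attempt to filter imports inside Python. It covers only the resource-limiting piece on POSIX; the limit values, the environment allowlist and the name `run_untrusted` are assumptions, and filesystem isolation (the chroot or a container) still has to be set up outside Python.

```python
import os
import resource
import signal
import subprocess
import sys

CPU_SECONDS = 1               # assumed CPU budget per submission
MEMORY_BYTES = 512 * 2 ** 20  # assumed address-space cap
WALL_SECONDS = 3              # assumed wall-clock cap (sleeping burns no CPU)
ENV_ALLOWLIST = ("PATH", "LD_LIBRARY_PATH")  # assumed; keeps app secrets out


def _apply_limits():
    """Runs in the child after fork and before the new interpreter starts."""
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_SECONDS, CPU_SECONDS))
    resource.setrlimit(resource.RLIMIT_AS, (MEMORY_BYTES, MEMORY_BYTES))
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))


def run_untrusted(source):
    """Run source in its own process; the kernel, not Python, enforces limits."""
    env = {k: os.environ[k] for k in ENV_ALLOWLIST if k in os.environ}
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", source],  # -I: isolated mode
            stdin=subprocess.DEVNULL,
            capture_output=True,
            text=True,
            timeout=WALL_SECONDS,
            preexec_fn=_apply_limits,
            env=env,
        )
    except subprocess.TimeoutExpired:
        return {"status": "wall-timeout", "stdout": ""}
    if proc.returncode < 0:
        # Negative return code means the child died from a signal.
        name = signal.Signals(-proc.returncode).name
        return {"status": "killed:" + name, "stdout": proc.stdout}
    return {"status": "exit:%d" % proc.returncode, "stdout": proc.stdout}


if __name__ == "__main__":
    print(run_untrusted("print(6 * 7)"))      # constructed sample input
    print(run_untrusted("while True: pass"))  # constructed runaway loop
```

The child still runs with the parent's user ID and filesystem view, so this belongs inside a dedicated unprivileged account, chroot or container.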