Hello, I am writing a pure-Python game engine that interprets the code of game objects within the same process with the exec statement. My main goal is to make as much power available as possible and exec seems like the best way to do that.
This is my "proof-of-concept" code (only 18 lines and some whitespace, including the test): http://people.ucsc.edu/~jhofmann/programmables.py

I showed this to the Pygame list and received some interest and a completely different, more sophisticated implementation: http://codereactor.net/~shang/interpret/

As-is, both versions are wide-open security holes. I think that I can patch them up if I run checks on the statements and eliminate all language features that pose risks. Then, features that are useful but not needed at their full capacity can be accessed through functions designed to be secure. Forcing a crash is not considered an exploit for this purpose (since it's a game engine - if it crashes, the user can recover and lose no data).

What I'd like to know is, is it possible to meet this level of security, and if so, which features have to be eliminated? The two that I'm sure should go are module imports and self-modifying code. But in the latter case, I don't know all the ways that might be done. It seems like a very complicated problem, and if I can't solve it I might leave the whole thing unsecured.
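The statement-check idea from the post, as an added example (not the poster's code and not either linked implementation): parse each game-object script, reject it if it contains constructs on a deny list, and only then execute it with a reduced namespace. It uses Python 3's `ast` module and `exec()` function rather than the `exec` statement; the deny list, function names and sample scripts are assumptions constructed here, and the check covers only the constructs it lists, not every route to self-modifying code.

```python
import ast

# Assumed policy: the post names only imports and self-modifying code;
# the other entries are illustrative choices made for this example.
BANNED_NAMES = {"exec", "eval", "compile", "__import__", "open",
                "getattr", "setattr", "delattr", "globals", "locals", "vars"}


def find_violations(source):
    """Return sorted (line, reason) pairs for constructs the policy rejects."""
    try:
        tree = ast.parse(source, mode="exec")
    except SyntaxError as exc:
        return [(exc.lineno or 0, "syntax error")]
    found = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            found.append((node.lineno, "import statement"))
        elif isinstance(node, ast.Name) and node.id in BANNED_NAMES:
            # Matches any use of the name, so aliasing (f = eval) is caught too.
            found.append((node.lineno, "banned name " + node.id))
        elif isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            # Underscore attributes expose object internals that can be rewritten.
            found.append((node.lineno, "private attribute " + node.attr))
    return sorted(found)


def run_object_script(source, api):
    """Execute a script only if it passes the check; api is all it can see."""
    violations = find_violations(source)
    if violations:
        raise ValueError(violations)
    namespace = {"__builtins__": {}}   # no default builtins
    namespace.update(api)              # only the functions chosen to be exposed
    exec(compile(source, "<game object>", "exec"), namespace)
    return namespace


# Constructed sample scripts (not from the post).
GOOD_SCRIPT = "x = move(x, 2)\nhp = hp - 1\n"
BAD_SCRIPT = "import os\nf = eval\ny = player.__dict__\n"

if __name__ == "__main__":
    print(find_violations(BAD_SCRIPT))
    state = run_object_script(GOOD_SCRIPT,
                              {"move": lambda pos, d: pos + d, "x": 0, "hp": 10})
    print(state["x"], state["hp"])
```
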