Here's some proof of concept code I wrote a while back for this very
purpose. What I do is use compiler.parse to take a code string and
turn it into an abstract syntax tree. Then, using a custom visitor
object that raises an exception if it comes across something it
doesn't like, I use compiler.a
Paul Boddie wrote:
> http://wiki.python.org/moin/SandboxedPython
> http://wiki.python.org/moin/How_can_I_run_an_untrusted_Python_script_safely_%28i%2ee%2e_Sandbox%29
Yeah, from this I'm pretty much set on:
http://pypi.python.org/pypi/RestrictedPython/
I know it's pretty bulletproof (I've been us
On 19 Nov, 12:16, Chris Withers <[EMAIL PROTECTED]> wrote:
>
> I'm trying to build a secure execution environment for bits of python
> for two reasons:
[...]
> Have other people bumped into this problem?
> What solutions do people recommend?
It might be worth looking at these pages for some sugg
On 19 Nov, 11:16, Chris Withers <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I'm trying to build a secure execution environment for bits of python
> for two reasons:
>
> - to allow users of the system to write scripts in python without
> circumventing the application's security model
>
> - to allow the
Alberto Berti wrote:
> maybe using import hooks?
>
> http://www.python.org/dev/peps/pep-0302/
Well, as Lazlo reminded me, there are also plenty of builtins that are
problematic... although hopefully providing a limited set of contents
for the global and local namespaces could solve that?
But,
Laszlo Nagy wrote:
> Once upon a time, there has been a module called "bastillon" (am I
> right?) and "rexec" (restricted execution environment) but they were not
> really secure. It was a long time ago. Python is very flexible, and
> interpreted and it is hard to prevent the users from importin
Alberto Berti wrote:
> maybe using import hooks?
>
> http://www.python.org/dev/peps/pep-0302/
>
>
I don't think so. Anyone can hook the import statement. And this is just
one reason. Some objects are built in. For example, file(). How can you
restrict file creation? I believe that there is no
maybe using import hooks?
http://www.python.org/dev/peps/pep-0302/
--
http://mail.python.org/mailman/listinfo/python-list
Chris Withers wrote:
> Hi All,
>
> I'm trying to build a secure execution environment for bits of python
> for two reasons:
>
> - to allow users of the system to write scripts in python without
> circumventing the application's security model
>
> - to allow the system to have an environment where
