[Python-Dev] embedding python

Pxtl pxtl at rogers.com
Sun Aug 24 15:52:11 EDT 2003


(Sent this already once from another account - don't think it worked)

Hi, my name is Martin Zarate, and I'm working on a 3D game engine for
educational and urban visualization purposes.  Our engine handles scripting
with an embedded Python interpreter (we designed our own customized class
structure, threading system, etc).  As of yet, we've never had to actually
modify the Python interpreter itself, so I'm loath to start. Our chief
concern is this: our engine is designed with extensibility in mind - it
detects plugins of new objects and new code entering the system.  This code
may or may not be trusted, and rexec is dead.  That's a problem.

I realize rexec will not be coming back.  I don't need full rexec, I have a
much simpler requirement - I don't want the python interpreter to have
access to the system.  The embedding app (Daedalus) handles feeding in of
modules and content through Py_CompileString and PyImport_ExecCodeModule,
as well as building local namespaces in which the code is run.  Any access
to the embedding system is through custom data types and extension modules.

My point is that none of the system builtins or major modules are used - and
those builtins and modules are what allow the user to access and corrupt the
system.  While much of the builtins are still needed (basic data types, etc)
most of the built-in functions such as filesystem and system calls are
liabilities.  They could play with the file system, manipulate the system,
and do other things.  So, my question is this: is there any way to compile
Python as a true standalone?  That is, the only access to the system is
through extension modules?  I can't find any documentation on how to control
what builtin modules and functions are compiled in with Python.

Is there any interest in such a project?  Or, if I develop this myself
(although I have no idea how secure it could be - I don't know the builtins
very well) would there be any interest in making a patch/PEP of it?  This sort of
thing would be a boon to anyone embedding python.  I believe many embedded
apps could use this sort of feature (at the very least to keep the bloat
down).

Sincerely,
Martin
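
An added sketch, not part of the original message or of Daedalus: the Python-level counterpart of the flow described above, with a trimmed builtins table and an import hook that resolves only host-supplied modules. `daedalus_api`, `SAFE_BUILTINS` and the function names are assumptions; trimming names narrows the default surface but is not a containment boundary on its own, so untrusted plugins still need OS-level isolation.

```python
import builtins
import types

# Assumption: names the host treats as harmless. open, eval, exec, compile,
# input and the default __import__ are deliberately left out.
SAFE_BUILTINS = ("abs", "bool", "dict", "float", "int", "len", "list", "max",
                 "min", "range", "str", "tuple", "Exception", "__build_class__")


def make_host_module():
    """Hypothetical stand-in for an extension module the engine exposes."""
    mod = types.ModuleType("daedalus_api")
    mod.log = []
    mod.spawn = lambda name: mod.log.append(name) or len(mod.log)
    return mod


def make_importer(allowed):
    """Import hook that resolves only modules supplied by the host."""
    def restricted_import(name, globals=None, locals=None, fromlist=(), level=0):
        if level != 0 or name not in allowed:
            raise ImportError(f"module {name!r} is not provided by the host")
        return allowed[name]
    return restricted_import


def load_plugin(name, source, allowed):
    """Compile plugin source and run it in a module with trimmed builtins."""
    code = compile(source, f"<plugin {name}>", "exec")  # cf. Py_CompileString
    module = types.ModuleType(name)
    table = {n: getattr(builtins, n) for n in SAFE_BUILTINS}
    table["__import__"] = make_importer(allowed)
    module.__dict__["__builtins__"] = table  # consulted instead of the real builtins
    exec(code, module.__dict__)  # stands in for PyImport_ExecCodeModule
    return module


def probe(source, allowed):
    """Return 'ok' or the name of the exception the plugin raised."""
    try:
        load_plugin("probe", source, allowed)
    except Exception as exc:
        return type(exc).__name__
    return "ok"
```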
