[Python-Dev] Reviving restricted mode?

[Chris Angelico]

On Wed, Aug 13, 2014 at 11:11 PM, Isaac Morland <ijmorlan at uwaterloo.ca> wrote:
> While I would not claim a Python sandbox is utterly impossible, I'm
> suspicious that the whole "consenting adults" approach in Python is
> incompatible with a sandbox.  The whole idea of a sandbox is to absolutely
> prevent people from doing things even if they really want to and know what
> they are doing.

It's certainly not *fundamentally* impossible to sandbox Python.
However, the question becomes one of how much effort you're going to
go to and how much you're going to restrict the code. I think I
remember reading about something that's like ast.literal_eval, but
allows name references; with that, plus some tiny features of
assignment, you could make a fairly straight-forward evaluator that
lets you work comfortably with numbers, strings, lists, dicts, etc.
That could be pretty useful - but it wouldn't so much be "Python in a
sandbox" as "an expression evaluator that uses a severely restricted
set of Python syntax".

If you start with all of Python and then start cutting out the
dangerous bits, you're doomed to miss something, and your sandbox is
broken. If you start with nothing and then start adding functionality,
you're looking at a gigantic job before it becomes anything that you
could call an applications language. So while it's theoretically
possible (I think - certainly I can't say for sure that it's
impossible), it's fairly impractical. I've had my own try at it, and
failed quite badly (fortunately noisily and at a sufficiently early
stage of development to shift).

ChrisA