[Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)

Paul Moore p.f.moore at gmail.com
Mon Apr 11 11:04:21 EDT 2016


On 11 April 2016 at 15:46, Jon Ribbens <jon+python-dev at unequivocal.co.uk> wrote:
> It's trying to alter
> the global Python environment so that arbitrary code can be executed,
> whereas I am not even trying to allow execution of arbitrary code and
> am not altering the global environment.

However, it's not at all clear (to me at least) what you *are* trying
to do. You're limiting the subset of Python that people can use,
understood. And you're trying to ensure that people can't do "bad
things". Again, understood. But what subset are you actually allowing,
and what things are you trying to protect against? (For example, I
can't calculate sin(1.2) using the math module - why is that not
allowed? It's just as safe as using the built-in exponential
operator, and indeed I could write a sin() function in pure Python,
although it would be too slow to be useful, unlike math.sin...)

It feels at the moment as if I'm playing a game where I don't know the
rules, and every time I think I scored a point, the rules are changed
to retroactively disallow it.

Paul

