question about Sandboxing.

Alex Martelli aleaxit at yahoo.com
Sat Aug 11 05:46:17 EDT 2001


"Rainer Deyke" <root at rainerdeyke.com> wrote in message
news:bR0d7.25727$c8.7496696 at news1.denver1.co.home.com...
    ...
> As I understand it, 'rexec' is only safe if you don't pass in any unsafe
> objects.  Classes, functions, and class instances are all generally
> unsafe.

Yes, for some definition of 'generally'.

> What you need is 'Bastion', which (as I understand it) is a safe wrapper
> around an unsafe object.  I assume 'Bastion' is implemented as a C
> extension type, which gives it data hiding capabilities that Python class
> instances don't have.

Nope, it's pure Python -- see the Bastion.py source file in the Lib
directory of your Python installation.  The key is that code subject
to restricted execution (untrusted code) is denied by the Python
interpreter itself some key introspection/reflection abilities, so
BastionClass can simply use __getattr__ and hide whatever object
attributes are wanted, and the untrusted code can't bypass that.


Alex
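Added example, not part of the original post and not the standard library's Bastion.py (which, like rexec, was removed from Python long ago): a Bastion-style wrapper in current Python that follows the design Alex describes, a pure-Python class whose __getattr__ routes every lookup through a filtering getter. The `Account` class and the `probe` / `reflect_wrapped_object` helpers are my own names. It shows the attribute hiding working, and the last helper shows why the interpreter's denial of introspection is the key: in an ordinary, unrestricted interpreter the wrapped object stays reachable through reflection, so the wrapper alone is not a security boundary.

```python
from types import MethodType


class BastionClass:
    """Stand-in for the wrapped object. It keeps only a getter closure and a
    name, never a plain reference to the original object, and __getattr__
    forwards every lookup that is not already in the instance dict."""
    def __init__(self, get, name):
        self._get_ = get
        self._name_ = name

    def __repr__(self):
        return "<Bastion for %s>" % self._name_

    def __getattr__(self, name):
        return self._get_(name)


def Bastion(obj, filter=lambda name: not name.startswith("_"), name=None):
    """Expose only the bound methods of obj whose names pass filter;
    data attributes and underscore names raise AttributeError."""
    def get1(name, obj=obj, filter=filter):
        if filter(name):
            attribute = getattr(obj, name)
            if isinstance(attribute, MethodType):
                return attribute
        raise AttributeError(name)

    def get2(name, get1=get1):  # extra layer so obj is not a default of the stored getter
        return get1(name)

    return BastionClass(get2, repr(obj) if name is None else name)


class Account:  # constructed sample object to wrap
    def __init__(self, balance):
        self.balance = balance          # data attribute: hidden by the wrapper

    def deposit(self, amount):          # public method: passes the filter
        self.balance += amount
        return self.balance

    def _audit_log(self):               # underscore method: hidden by the filter
        return "internal"


def probe(bastion, attr):
    """True if attr is reachable through the wrapper's normal attribute access."""
    try:
        getattr(bastion, attr)
        return True
    except AttributeError:
        return False


def reflect_wrapped_object(bastion):
    """Defender's check: with full reflection available, walk the getter's
    default arguments back to the original object. Restricted execution
    denied exactly this kind of introspection, which is what made Bastion hold."""
    get2 = bastion.__dict__["_get_"]
    get1 = get2.__defaults__[0]
    return get1.__defaults__[0]
```

If `reflect_wrapped_object` returns the original object, the hiding is only a convenience in that interpreter, not a security boundary.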
