restricted execution

[Kendall]

I'm building a system which allows users to submit Python code to be executed in
the context of a table search facility.  The user sends data files and Python
code and the system will execute the code, making the datafiles available as
tables with fast search methods.  The result is a customizable calculator able
to be extended by the users.

My question is about restricting what the user can do with Python.  I've
experimented with code like this

dict = {}
for i in AllowedBuiltinList :
exec "dict['" + i + "'] = " + i

__builtins__ = dict
del dict

Where the AllowedBuiltinList is missing things like __import__, open, and eval.
If I paste this in every user defined module, have I effectively prevented all
access to the file system and network?  I'm not letting them import sys or os in
their module either.

I also need to prevent infinite loops.  I've fiddled with the thread state
object in the interpreter and added a tick_limit.  In the main interpreter loop
I decrement this and raise a system error if its exhausted.  It works, but I'd
like to know if anyone else has done something similar.

Thanks!