Embedded python security

Dave Conrad JavaDave98 at aol.com
Tue Jan 15 20:11:43 EST 2002


I'm working on a program that is going to have some scriptable elements,
with, perhaps, untrusted users uploading scripts to a server.  (I say
'perhaps' because the details and architecture are still being worked out.)

I thought briefly about creating my own mini-language (the scriptable
elements will not be too terribly flexible, and the scripts will thus
tend to be simple), but I don't relish the work, the bugs, and the
inherent idiosyncratic-ness that will result from reinventing this
particular wheel, and so I'm considering something like python, or s-lang,
or guile, or javascript as an embedded scripting language.

The thing is, I don't need users trying to hack the server through the
scripts, and I know that those kinds of security issues have been tackled
in the case of javascript since it is used for client-side web scripting.
My question is, have these kinds of issues been dealt with in python?  Is
there some kind of "sandbox" I can run python scripts in?

I know the interpreter is embeddable in C programs (oh, did I mention I'm
writing this server code in C?  I ought to have, oughtn't I?), but is there
a version of it with all the I/O stuff, and execve stuff, ripped out?  And
other security issues tackled?  (The scripts aren't going to need to do
anything more than some computation, really.)

I like python, and have been using it on and off for a few months now (I'm
mainly a C, Java, Perl, and C++-when-necessary-for-pay programmer), and I'd
like to use it in this project, but I'm currently leaning to JavaScript
(Mozilla SpiderMonkey, specifically) because I trust these issues have been
dealt with there.  I'd appreciate any comments on the suitability of python
for this kind of thing, or any other comments you may feel like throwing
my way.  :-)

Thanks in advance.


