exec code with timeout?
Graham Fawcett
fawcett at teksavvy.com
Mon Sep 8 00:44:39 EDT 2003
OKB (not okblacke) wrote:
> I am fiddling around with a Python-based MUD which allows users to
>code MUD objects in Python. This code is executed from within the
>server code with "exec".
>
Danger, Will Robinson! Unchecked exec() calls are the path to ruin!
>However, sometimes errors in user code can
>result in infinite loops, which cause the MUD to hang. I am wondering
>if there is a way to put a timeout on the exec, so that it returns
>control to the main program if the user code doesn't return within a
>certain amount of time.
>
> I am not concerned with security per se here -- in general I can
>assume that any users who are using the MUD are trusted and will not
>write malicious code.
>
Hanlon's Razor: "Never attribute to malice that which can be adequately
explained by stupidity."
>I am chiefly aiming to catch simple,
>unintentional programming errors. For instance, I don't want the MUD
>to hang just because someone innocently forgot to include a break
>inside a "while 1:" block. All I need is a very crude form of control
>-- a simple timeout would do.
>
>
The Python 2.3 C API now provides a function, PyThreadState_SetAsyncExc,
that
will let you raise an exception in another thread asynchronously, thereby
taking it down. But I don't think there's a Python wrapper function for
it. I
suppose you could write your own...
The RestrictedPython module in Zope may suit your needs; it was designed
for a
similar use scenario. Search the list, there was a discussion about
RestrictedPython not long ago.
-- Graham
More information about the Python-list
mailing list