Embedding Python in Python

JCM joshway_without_spam at myway.com
Wed Aug 18 16:33:09 EDT 2004


Robey Holderith <robey at slash_dev_slash_random.org> wrote:
> On Wed, 18 Aug 2004 19:44:47 +0000, JCM wrote:
...
>> I don't think it's as difficult as you think.  Your snippet of code
>> would be rejected by the rules I suggested.  You'd also want to
>> prohibit other builtins like compile, execfile, input, reload, vars,
>> etc.

> I'm going to have to agree with Paul on this one.  I do not feel up to
> the task of thinking of every possible variant of malicious code.  There
> are far too many ways of writing the exact same thing.  I think it would
> be much easier to write my own interpreter. 

Well it certainly isn't easier to write your own interpreter if you're
talking about the effort you'd need to put into it.  And I'm not
convinced it's that tricky to come up with a set of syntax rules to
decide whether a piece of code is simple/safe enough to run.  It
basically comes down to disallowing certain statements and certain
identifiers.  Of course you'll end up rejecting a lot of code that
isn't malicious.

If you're interested enough, I'll try to throw a safety-checker
together.  You'd have to be pretty interested though (I'm lazy).
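The kind of syntax-rule check discussed in the message above, written as an added example using Python 3's `ast` module; it is not JCM's code and not part of the thread. The function name `check_source`, the underscore rule, and every deny-list entry beyond the builtins named in the post are assumptions made for illustration.

```python
import ast

# Identifiers rejected wherever they appear. The first row is the list from
# the post (execfile/reload are Python 2 builtins); the rest are assumptions.
BANNED_NAMES = {
    "compile", "execfile", "input", "reload", "vars",
    "eval", "exec", "open", "__import__", "getattr", "setattr",
    "delattr", "globals", "locals", "dir",
}

# Statement types rejected outright (assumed rule set, not from the post).
BANNED_NODES = (ast.Import, ast.ImportFrom, ast.Global, ast.Nonlocal,
                ast.ClassDef, ast.With, ast.Try)


def check_source(source):
    """Return sorted (line, reason) violations; an empty list means accepted."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [(exc.lineno or 0, "syntax error")]
    problems = []
    for node in ast.walk(tree):
        line = getattr(node, "lineno", 0)
        if isinstance(node, BANNED_NODES):
            problems.append((line, "statement not allowed: " + type(node).__name__))
        elif isinstance(node, ast.Name):
            # Reject listed builtins and any underscore-prefixed name.
            if node.id in BANNED_NAMES or node.id.startswith("_"):
                problems.append((line, "identifier not allowed: " + node.id))
        elif isinstance(node, ast.Attribute):
            # Underscore-prefixed attributes cover all dunder introspection.
            if node.attr.startswith("_") or node.attr in BANNED_NAMES:
                problems.append((line, "attribute not allowed: " + node.attr))
    return sorted(problems)


# Constructed sample inputs. The last two are harmless but still rejected,
# which is the false-positive cost the post mentions.
SAMPLES = {
    "loop": "total = 0\nfor n in range(10):\n    total += n * n\n",
    "compile": 'c = compile("1+1", "<s>", "eval")\n',
    "import": "import math\nr = math.sqrt(2)\n",
    "dunder": 'n = "abc".__len__()\n',
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, check_source(src) or "accepted")
```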


