Embedding Python in Python
JCM
joshway_without_spam at myway.com
Wed Aug 18 17:36:44 EDT 2004
Jack Diederich <jack at performancedrivers.com> wrote:
> On Wed, Aug 18, 2004 at 08:25:04PM +0000, JCM wrote:
>> Jack Diederich <jack at performancedrivers.com> wrote:
>> > On Wed, Aug 18, 2004 at 07:44:47PM +0000, JCM wrote:
>> ...
>> >> I don't think it's as difficult as you think. Your snippet of code
>> >> would be rejected by the rules I suggested. You'd also want to
>> >> prohibit other builtins like compile, execfile, input, reload, vars,
>> >> etc.
>> >>
>> > foo = "ev" + "al"
>> > e = vars()['__builtins__'].__dict__[foo]
>> > print e('2+2')
>>
>> Also would be rejected by my original set of rules (can't use
>> __dict__). But I'd disallow vars too.
> Google groups for this topic, it's been dead horse kicked.
> You would have to eliminate getattr too and any C func that can
> result in an infinite loop.
Infinite loops (and other resource use) are a different story, not
addressed by source code inspection. I worked on a project which
needed to run untrusted code, and we dealt with the infinite-loop
situation by always running untrusted code on the main thread and
signalling it if it took too long to execute (this worked on unix--I
don't know what you'd do on Windows). I realize this could leave data
in a bad state. Infinite loops are harder to deal with.
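
The timeout approach described in the message above, as an added Python 3 example that is not part of the original post or the project it mentions: untrusted source runs on the main thread and a SIGALRM timer interrupts it when the time budget is used up. The names `run_with_time_limit`, `TimeLimitExceeded`, `QUICK` and `HALF_DONE` are assumptions made for illustration, and the snippets are constructed sample input.

```python
import signal


class TimeLimitExceeded(BaseException):
    """Raised inside the running code when the timer fires.

    Derives from BaseException so `except Exception:` in the untrusted code
    does not swallow it; a bare `except:` still can.
    """


def _on_alarm(signum, frame):
    raise TimeLimitExceeded()


def run_with_time_limit(source, seconds, namespace=None):
    """Run `source` on the main thread for at most `seconds` (Unix only).

    Returns (finished, namespace). This bounds run time only; it does not
    restrict what the code may do.
    """
    namespace = {} if namespace is None else namespace
    code = compile(source, "<untrusted>", "exec")
    previous = signal.signal(signal.SIGALRM, _on_alarm)
    signal.setitimer(signal.ITIMER_REAL, seconds)
    try:
        exec(code, namespace)
        return True, namespace
    except TimeLimitExceeded:
        return False, namespace
    finally:
        signal.setitimer(signal.ITIMER_REAL, 0)    # cancel a pending alarm
        signal.signal(signal.SIGALRM, previous)    # restore the old handler


# Constructed sample inputs.
QUICK = "total = sum(range(10))"
# Loops forever between two halves of an update: interrupting it leaves the
# shared data half-modified.
HALF_DONE = "accounts['a'] -= 10\nwhile True:\n    pass\naccounts['b'] += 10\n"

if __name__ == "__main__":
    print(run_with_time_limit(QUICK, 1.0)[0])
    accounts = {"a": 100, "b": 0}
    print(run_with_time_limit(HALF_DONE, 0.2, {"accounts": accounts})[0], accounts)
```

The handler only runs between bytecode instructions, so a call that stays inside C code is not interrupted until it returns to the interpreter.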