Sandboxes

Peter Hansen peter at engcorp.com
Mon Aug 22 17:15:59 EDT 2005


42 wrote:
> I was planning on "sanitizing" the language instead of relying on rexec 
> and bastion so issues with them shouldn't be relevant.

I think in dealing with security, deciding what might be relevant before 
you fully understand the problem is somewhat premature... but it's your 
neck. :-)

> I'm curious about the 'other' stuff that was alluded to, that could 
> still occur in a python with all its __import__, import, exec, eval, and 
> various reflection/metadata builtins prohibited (e.g. getattr)...

Okay, but are you saying that combining those keywords with "security" 
when searching comp.lang.python in Google Groups produced no useful 
results?  When I do it, I generally get to threads where somebody rushes 
in with suggestions about how to add security where the core Python 
people fear to tread (so to speak), and after a short period of back and 
forth where each idea is quickly shot down, the thread sort of dies out 
as (I suspect) the OP realizes the problems are fundamental and probably 
can't be fixed without changes to the Python core itself, or at least 
can't be fixed *with confidence* without a thorough security audit which 
so far nobody has valued enough to actually do.

-Peter


