Sandboxes

42 nospam at nospam.com
Sat Aug 20 18:30:17 EDT 2005


In article <tpLNe.187$hn4.34901 at newshog.newsread.com>, 
eurleif at ecritters.biz says...
> 42 wrote:
> > I was wondering if it would be effective to pre-parse incoming scripts 
> > and reject those containing "import"?
> 
> getattr(__builtins__, '__imp' + 'ort__')('dangerousmodule')
> 

See that's sort of thing I'm talking about. :)

Earlier I mentioned that I figured I'd be ok to pre-parse the script to 
sanitize the language a bit.

There are what, 30-odd built-in functions? And a dozen or so keywords?

Basically if I turn off anything that deals with 'executable code', 
'meta data', or 'reflection' I'm hoping I'd be in the clear.

e.g.: looking at the built-in function list these would be suspect... 
probably not all of them are dangerous, but I believe I could get by 
without any of them:

first the keywords:
exec, import

and then the built-in functions:

type, super, setattr, reload, property, open, locals, issubclass, 
isinstance, hasattr, globals, getattr, file, execfile, eval, dir, dict, 
delattr, compile, classmethod, callable, __import__

I'd also filter:

raw_input, input, and help (as they don't make sense in the 
application context anyway).

Sure I might be seriously crippling the power of python by doing this, 
but that's rather the point :), and it should be fine for my purposes.

Thoughts? Still gaping holes?

thanks in advance,
Dave
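The following is an added example, not code from the thread. It implements the blacklist Dave proposes above as a token filter (the name set is copied from his post; the `run_filtered` wrapper that executes a script with an empty `__builtins__` dict is my assumed shape for the sandbox, since the post does not say how scripts are run), then feeds it two scripts: the `getattr` trick from the quoted reply, which the filter does catch, and a constructed script that uses none of the listed keywords or builtins and still reaches the real `__import__`. The second script is the answer to "still gaping holes?": a name filter sees identifiers, but attribute walks (`().__class__.__base__.__subclasses__()`) and string literals are not identifiers, and every Python-defined class in the process carries a reference to its module's globals, which contain the real builtins.

```python
"""
Added example, not code from the original thread: Dave's proposed blacklist
as a token filter, run against (a) the reply's getattr trick and (b) a
script that uses no blacklisted identifier and still reaches the real
builtins from a namespace whose own __builtins__ is empty.
"""
import io
import tokenize

# The names Dave lists in the post, keywords and builtins together.
BLOCKED_NAMES = {
    "exec", "import",
    "type", "super", "setattr", "reload", "property", "open", "locals",
    "issubclass", "isinstance", "hasattr", "globals", "getattr", "file",
    "execfile", "eval", "dir", "dict", "delattr", "compile", "classmethod",
    "callable", "__import__",
    "raw_input", "input", "help",
}


def rejected_names(source):
    """Blacklisted identifiers that appear as NAME tokens in `source`.

    Only NAME tokens are checked, which is all a pre-parse filter can see;
    string literals and attribute walks are invisible to it.
    """
    reader = io.BytesIO(source.encode("utf-8")).readline
    return {
        tok.string
        for tok in tokenize.tokenize(reader)
        if tok.type == tokenize.NAME and tok.string in BLOCKED_NAMES
    }


def run_filtered(source):
    """Assumed sandbox shape: reject on any blacklisted name, otherwise exec
    with an empty builtins dict and return the namespace the script ran in."""
    bad = rejected_names(source)
    if bad:
        raise ValueError("rejected: " + ", ".join(sorted(bad)))
    namespace = {"__builtins__": {}}
    exec(source, namespace)
    return namespace


# (a) The trick from the quoted reply.  The filter catches it, because
#     `getattr` is a NAME token even though `__import__` is hidden in strings.
GETATTR_TRICK = "m = getattr(__builtins__, '__imp' + 'ort__')('os')\n"

# (b) Constructed escape: no keyword or builtin from the list is used.  It
#     walks from an empty tuple to `object`, enumerates its subclasses, finds
#     one defined in Python (so its __init__ has a __globals__ dict) and pulls
#     that module's real __builtins__ out of the dict.  Bare `except` is used
#     because exception class names are themselves builtins, which the sandbox
#     namespace does not provide.
ESCAPE = '''
_b = None
for cls in ().__class__.__base__.__subclasses__():
    try:
        _b = cls.__init__.__globals__["__builtins__"]
        break
    except:
        continue
try:
    _b = _b.__dict__          # a module object: unwrap to its namespace dict
except:
    pass                      # already the builtins dict
escaped = _b["__import__"]("os").__name__
'''


def demo():
    """Return (names flagged in (a), names flagged in (b), and the module
    name that script (b) imported after passing the filter)."""
    flagged_a = rejected_names(GETATTR_TRICK)
    flagged_b = rejected_names(ESCAPE)
    imported = run_filtered(ESCAPE)["escaped"]
    return flagged_a, flagged_b, imported


if __name__ == "__main__":
    print(demo())   # ({'getattr'}, set(), 'os')
```

The point of the pairing is that the filter is not wrong about what it checks; it is checking the wrong layer. Any object the script can touch is a starting point for `__class__`, `__base__`, `__subclasses__`, `__init__` and `__globals__`, none of which are builtins or keywords, so removing names from the language does not remove the object graph behind them.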


