Embedding a restricted python interpreter
Maurice LING
mauriceling at acm.org
Wed Jan 5 00:43:46 EST 2005
Rolf Magnus wrote:
> Hi,
>
> I would like to embed a python interpreter within a program, but since that
> program would be able to automatically download scripts from the internet,
> I'd like to run those in a restricted environment, which basically means
> that I want to allow only a specific set of modules to be used by the
> scripts, so that it wouldn't be possible for them to remove files from the
> hard drive, kill processes or do other nasty stuff.
> Is there any way to do that with the standard python interpreter?
>
I won't really count on that. In my opinions, which may be wrong, Python
is not constructed to work in a sandbox like Java. Java does it by
subjecting all classes that it loads through a security manager. What
you seems to want is a Python to have Java applet-typed of restrictions.
You can try to use 'exec' to run your scripts in a constructed
environment. For example,
global = {}
local = {}
... your stuffs ....
statement = [] # to hold the script to run
for line in statement:
exec statement in global, local
global and local are the global and local namespaces respectively.
Although it had been explained to me before but I can't recall the
details of how it works. In gist, you may be able to craft a global and
local environment for your script to run in.
I do not know if it is possible to disable or override 'import'......
maurice
More information about the Python-list
mailing list