Safe Python Execution

Jean-Paul Calderone exarkun at divmod.com
Thu Feb 16 12:44:25 EST 2006


On Thu, 16 Feb 2006 07:59:03 -0800, Alex Martelli <aleaxit at yahoo.com> wrote:
>Graham <graham.abbott at gmail.com> wrote:
>
>> I've been messing around with trying to get a small sandbox like
>> environment where i could execute python code in a "safe" way.
>> Basically what the old restricted execution module attempted to do.
>> I've written a small amount of code to get custom interpreter running,
>> but i'm not really sure if its safe.
>>
>> The way i'm controlling functionality is with some games and exec, so
>> if 'code' was the text code you wanted to execute i run:
>>
>> exec code in {'__builtins__': None}
>>
>> obviously this doesn't give you much to play with, but it does remove
>> file access and importing as far as i can tell. Can anyone think of a
>> hack around this? I assume if it was this easy it would be a module
>> already but i figured i would ask.
>
>I suggest compiling the code and examining the names used in the code
>object (co_names attribute of the code object which compile returns) --
>refuse to execute the code if it mentions, defines or uses any special
>name (starting and ending with two underscores).  That, plus removing
>almost all builtins as you do here, should be a good start.

A good start, perhaps, but still in need of a good finish.

    """
    exec 'print ' + ''.join(map(chr, [
        95, 95, 98, 117, 105, 108, 116, 105, 110, 115, 95, 95]))
    """

You can come up with a long list of restrictions to impose, and maybe that will be good enough.  But making it /perfect/ is a Herculean task, as is maintaining it as new Python releases are made, and auditing it every time you add a new piece of code to your system.

Just keep that in mind if you decide to pursue this.

Jean-Paul
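Alex's static check, written out in Python 3 as an added example (this is not code from the thread); it walks nested code objects too, since functions, lambdas and comprehensions each carry their own co_names. The last case in the test shows the limit Jean-Paul points out: a name assembled at run time never shows up in co_names, so the static check alone passes it.

```python
import types


def dunder_names(code):
    """Collect every special name (two leading and trailing underscores)
    that `code` references or defines, recursing into the code objects
    stored in its constants (functions, lambdas, comprehensions).

    Note: class bodies are always flagged, because the compiler stores
    __module__ and __qualname__ in the class body's code object."""
    found = set()
    names = (code.co_names + code.co_varnames
             + code.co_freevars + code.co_cellvars)
    for name in names:
        if name.startswith("__") and name.endswith("__"):
            found.add(name)
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            found |= dunder_names(const)
    return found


def check_source(src):
    """Compile `src` and return the special names it mentions statically.
    An empty set means the static check would let it through."""
    return dunder_names(compile(src, "<sandbox>", "exec"))


def run_restricted(src):
    """Refuse code that statically mentions a special name, then exec the
    rest with an empty builtins namespace and return the resulting globals.
    Builtins such as len, map and chr are therefore unavailable to it."""
    bad = check_source(src)
    if bad:
        raise ValueError("refusing to run: special names %s" % sorted(bad))
    ns = {"__builtins__": {}}
    exec(compile(src, "<sandbox>", "exec"), ns)
    return ns


if __name__ == "__main__":
    # Constructed samples: a direct reference, one hidden in a lambda,
    # and one that builds a name from character codes at run time.
    for sample in ("y = x.__class__",
                   "f = lambda: ().__class__",
                   "s = ''.join(map(chr, [95, 95]))"):
        print(repr(sample), "->", sorted(check_source(sample)))
```

Running the module prints which of the three constructed samples the static check catches; only the first two are flagged.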


