Simple Python Sandbox

Roland Koebler r.koebler at yahoo.de
Sat Aug 14 20:51:28 EDT 2010


On Sun, Aug 15, 2010 at 12:06:35AM +0000, Steven D'Aprano wrote:
> Hmmm... is that meant just as an illustration of a general technique, or 
> do you actually have something against the class of 0?
It's a short illustration; 0 .__class__ itself is harmless, but e.g.
0 .__class__.__base__.__subclasses__() isn't.

> > But note that this is not a real sandbox! As soon as you allow *any*
> > unsafe function (e.g. open, import, eval, getattr etc.), you can easily
> > break out.
> 
> Isn't that true of any sandbox though? Surely by definition, if you allow 
> an unsafe function in any sandbox, it's no longer an effective sandbox.
In my opinion, a "real" sandbox should allow the use of "unsafe" functions
(e.g. open(), import modules etc.) -- so you could run your normal code
in it. But it should prevent the "bad" effects of the code, e.g. by
redirecting I/O, limiting resources etc.

regards,
Roland
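
The point made in the reply above, as an added example that is not part of the original message: removing the builtins does not stop attribute traversal from a literal such as 0, so a static check on underscore-prefixed attributes is needed as well. The function names and the `UNSAFE_NAMES` set are assumptions of this sketch, and as the message says, this is still not a real sandbox.

```python
import ast

# Names the message lists as unsafe ("open, import, eval, getattr etc.").
# The exact set is an assumption of this example.
UNSAFE_NAMES = {"open", "__import__", "eval", "getattr"}


def violations(expr):
    """Return the reasons to reject expr; an empty list means it passes."""
    found = []
    for node in ast.walk(ast.parse(expr, mode="eval")):
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            found.append("attribute " + node.attr)
        elif isinstance(node, ast.Name) and (
            node.id in UNSAFE_NAMES or node.id.startswith("_")
        ):
            found.append("name " + node.id)
    return found


def restricted_eval(expr, names=None):
    """Evaluate expr without builtins, but only after the static check."""
    bad = violations(expr)
    if bad:
        raise ValueError("rejected: " + ", ".join(bad))
    code = compile(expr, "<untrusted>", "eval")
    return eval(code, {"__builtins__": {}}, dict(names or {}))


def builtins_only_eval(expr):
    """The weaker setup: builtins removed, no attribute check."""
    return eval(expr, {"__builtins__": {}}, {})


if __name__ == "__main__":
    # With builtins removed, the literal 0 still leads to `object` ...
    print(builtins_only_eval("0 .__class__.__base__"))
    # ... and from there to every class currently loaded in the interpreter.
    print(len(builtins_only_eval("0 .__class__.__base__.__subclasses__()")))
    # The static check rejects the same expression before it is evaluated.
    print(violations("0 .__class__.__base__.__subclasses__()"))
    # Ordinary arithmetic on supplied names still works.
    print(restricted_eval("x * 2 + 1", {"x": 20}))
```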



