Executing untrusted scripts in a sandboxed environment
Rodrick Brown
rodrick.brown at gmail.com
Sat Oct 6 09:25:20 EDT 2012
On Oct 5, 2012, at 6:32 PM, Robin Krahl <me at robin-krahl.de> wrote:
> Hi all,
>
> I need to execute untrusted scripts in my Python application. To avoid security issues, I want to use a sandboxed environment. This means that the script authors have no access to the file system. They may only access objects, modules and classes that are "flagged" or "approved" for scripting.
>
> I read that I will not be able to do this with Python scripts. (See SandboxedPython page in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What is the best way to "embed" a script engine in a sandboxed environment that has access to the Python modules and classes that I provide?
Checkout udacity.com I think there is a writeup on stackoverflow on
how they accomplished their sandbox runtime env.
>
> Thanks for your help.
>
> Best regards,
> Robin
>
> [0] http://wiki.python.org/moin/SandboxedPython
> [1] http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python
> --
> http://mail.python.org/mailman/listinfo/python-list
More information about the Python-list
mailing list