Untrusted code execution
Steven D'Aprano
steve at pearwood.info
Wed Apr 6 21:45:08 EDT 2016
On Wed, 6 Apr 2016 11:14 pm, Random832 wrote:
> On Tue, Apr 5, 2016, at 21:43, Steven D'Aprano wrote:
>> As Zooko says, Guido's "best argument is that reducing usability (in terms
>> of forbidding language features, especially module import) and reducing the
>> usefulness of extant library code" would make the resulting interpreter too
>> feeble to be useful.
>
> You don't have to forbid module import. The sandbox could control what
> modules can be loaded, and what happens when you try to load a module.
Sure, but you do have to forbid import of *arbitrary* modules. One could
include a white list of allowed modules, but it would probably be quite
small.
And you would have to do something about the unfortunate matter that modules
have a reference to the unrestricted __builtins__:
py> os.__builtins__['eval']
<built-in function eval>
And because modules are singletons, it's not just a matter of replacing the
__builtins__ with a more restrictive one, as that would affect trusted
modules outside the sandbox too.
--
Steven