Sandboxing eval() (was: Calculator)

musbur at posteo.org musbur at posteo.org
Sun Jan 19 12:35:42 EST 2020


Is it actually possible to build a "sandbox" around eval, permitting it
only to do some arithmetic and use some math functions, but no
filesystem access or module imports?

I have an application that loads calculation recipes (a few lines of
variable assignments and arithmetic) from a database. 

exec(string, globals, locals)

with locals containing the input variables, and globals has a
__builtin__ object with a few math functions. It works, but is it safe?

