import question
Chris Angelico
rosuav at gmail.com
Thu Nov 18 15:20:56 EST 2021
On Fri, Nov 19, 2021 at 7:09 AM lucas <sjlukacs at gmail.com> wrote:
>
> hello one and all,
>
> are there any other ways to import a module or package other then the "import" or "from...import..." statements? i ask because i'm allowing programming on my web2py website and i don't want any accessing packages like os or sys.
>
> thank you in advance and have a great day, lucas
>
Yes, there are many. For starters, the importlib module can do
anything that importing can do, as can the __import__ function. Plus,
with Python code, you could open the file, read from it, and exec it.
There are myriad ways to fetch up code, and it's even possible to
break out of a sandbox without ever using a single underscore.
If you're trying to make a Python-in-Python sandbox, I recommend not.
Instead, use an OS-level sandbox (a chroot, probably some sort of CPU
usage limiting, etc), and use that to guard the entire Python process.
Python-in-Python will basically *never* be secure.
ChrisA
More information about the Python-list
mailing list