My newmod.py hasn't yet been updated to use Tommy Burnette's newmodule,
so it requires an empty file "null_module.py" to be in the path. I'll
get around to fixing that soon, which will also eliminate the mystical
fiddling with sys.modules, leaving the only REAL hacker magic left to
be inserting the module into the caller's namespace. ( If you don't like
that, that's why there is both "importmodule" and "ImportModule" ;-)
( I also ought to change that "1+''" error into just a "raise SomeError"
- for some reason the obvious just didn't enter my head when I wrote it!
I recall the reason I didn't clean it up further was that I wasn't sure
of the best way of wrapping up all of the possible options ( with explicit
path or sys.path or other path search ) into one call interface. )

    MyModule = importmodule( pathNameString, moduleNameString )

returns the imported module as an object, and must be assigned to a symbol.

    moduleNameString = 'MyModule'
    ImportModule( pathNameString, moduleNameString )

has the side effect of setting MyModule to the module object.
( i.e. after either of the above, you should be able to type
"dir MyModule" and get the expected results. )
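
import sys                                  # restored

def newmodule( modname ):
    import null_module                      # restored: the empty null_module.py
    sys.modules[modname] = sys.modules['null_module']
    sys.modules[modname].__name__ = modname
    del sys.modules['null_module']          # restored: next call gets a fresh one
    return sys.modules[modname]             # restored

def importmodule( filename, modname ):
    module = newmodule( modname )
    execfile( filename, module.__dict__, module.__dict__ )
    return module                           # restored

def caller():                               # restored
    try:                                    # restored
        1 + ''          # make an error happen
    except:             # and return the caller's caller's frame
        return sys.exc_info()[2].tb_frame.f_back.f_back    # restored

def ImportModule( filename, modname ):
    newmodule = importmodule( filename, modname )
    frame = caller()    # get the caller's frame
    frame.f_globals[modname] = newmodule    # and enter name in dict
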
> I am looking for
> a way to set a "safe-script" mode from within a Python script. The
> application requires Python to be embedded in a client program with a
> safe mode for executing programs downloaded from an untrusted server
> and with a standard mode that the client can use for client side
> control. The intention is to allow a server to use a client as a
> surrogate execution environment without compromising the client's
> local operating environment.
> The safe mode should turn off functions defined to interact with the
> operating system, such as the open() function and it should prevent
> imports from being called unless they are found in a safe path.

Please keep us posted on your efforts!
I am not that paranoid about safety at the moment - my current
python servers or cgi(*) scripts ( except for a few experiments )
don't allow shipping of functions or eval or other unsafe commands,
but I would be very interested in a python equivalent to safe-tcl
for primarily the same function as safe-tcl is intended:
active mail objects or smart "telescript" like agents.
- Steve Majewski (804-982-0831) <sdm7g@Virginia.EDU>
- UVA Department of Molecular Physiology and Biological Physics
(*) There seems to be a lot of folks working on www & cgi python
scripts at the moment!
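
A present-day rendering of the importmodule/ImportModule pair from the message above, added here as an example and not Steve Majewski's code: it uses types.ModuleType in place of null_module.py and sys._getframe in place of the forced error. The safe_dirs parameter is a hypothetical addition that applies the "safe path" idea from the quoted request; it limits where code is loaded from, not what the loaded code may do, and the files in demo() are constructed.

```python
import os
import sys
import tempfile
import types


def importmodule(filename, modname, safe_dirs):
    """Load filename into a fresh module object, only if it lies under safe_dirs."""
    real = os.path.realpath(filename)  # resolve symlinks and ".." before checking
    allowed = [os.path.realpath(d) for d in safe_dirs]
    if not any(os.path.commonpath([real, d]) == d for d in allowed):
        raise ImportError("%s is outside the safe path" % filename)
    module = types.ModuleType(modname)  # fresh, empty module object
    module.__file__ = real
    with open(real) as src:
        code = compile(src.read(), real, "exec")
    exec(code, module.__dict__)
    sys.modules[modname] = module  # register only after the body ran cleanly
    return module


def ImportModule(filename, modname, safe_dirs):
    """Same, but also bind the module under modname in the caller's globals."""
    module = importmodule(filename, modname, safe_dirs)
    sys._getframe(1).f_globals[modname] = module  # frame of whoever called us
    return module


def demo():
    """Constructed sample: one module inside the safe directory, one outside."""
    safe, other = tempfile.mkdtemp(), tempfile.mkdtemp()
    good = os.path.join(safe, "good.py")
    bad = os.path.join(other, "bad.py")
    for path in (good, bad):
        with open(path, "w") as f:
            f.write("answer = 42\n")
    ImportModule(good, "GoodMod", [safe])
    loaded = GoodMod.answer  # the name was inserted into this module's globals

    def refused(path):
        try:
            importmodule(path, "BadMod", [safe])
        except ImportError:
            return True
        return False

    # A path that climbs out of the safe directory with ".." must be refused too.
    sneaky = os.path.join(safe, "..", os.path.basename(other), "bad.py")
    return loaded, refused(bad), refused(sneaky)
```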