Chris Withers wrote at 2007-11-22 17:08 +0000:
Dieter Maurer wrote:
Chris Withers wrote at 2007-11-20 23:55 +0000:
Dieter Maurer wrote:
You execute their code in a "globals" the "__builtins__" of which contains precisely the builtins you want to give them.
Unfortunately that still leaves the import problems, correct?
The "import" "command" is mapped to the "__import__" builtin.
Thus, changing the "__import__" builtin....
Hmmm, looking into this more. I think fiddling with supplying __builtins__ and __import__ is susceptible to those being deleted from the local or global namespace and so being replaced by ones from the above namespace.
Am I right in seeing those as security risks? These seem to be some of the reasons rexec and bastion were dropped from python:
There have been reasons why Python no longer promises a secure restricted environment....
When you look carefully, you see that this problem has been fixed.
http://mail.python.org/pipermail/python-dev/2002-December/031160.html
You handle this with security proxied objects, right?
Security questions are very delicate. Nobody will probably give you a guarantee that the approach is really safe.
-- Dieter
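
The mechanism discussed in this thread, as an added example that is not code from either poster: code is run with a "__builtins__" dict holding only chosen names, and "__import__" is replaced by an allowlisting wrapper. The names `guarded_import`, `make_globals`, `run_restricted` and both allowlists are constructed for illustration; the example covers only name and import lookup in CPython 3, not attribute access on objects, which is what the security proxies mentioned above address.

```python
import builtins

ALLOWED_MODULES = frozenset({"math", "json"})              # constructed allowlist
SAFE_NAMES = ("abs", "len", "max", "min", "range", "sum")  # constructed allowlist


def guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    """Stand-in for __import__: the import statement calls whatever object
    is stored under '__import__' in the builtins of the running frame."""
    if level != 0 or name.partition(".")[0] not in ALLOWED_MODULES:
        raise ImportError(f"import of {name!r} is not permitted")
    return builtins.__import__(name, globals, locals, fromlist, level)


def make_globals():
    """Build globals whose __builtins__ holds only the names we choose."""
    safe = {n: getattr(builtins, n) for n in SAFE_NAMES}
    safe["__import__"] = guarded_import
    return {"__builtins__": safe, "__name__": "restricted"}


def run_restricted(source):
    """Run source in fresh restricted globals; return (globals, error)."""
    g = make_globals()
    try:
        exec(compile(source, "<restricted>", "exec"), g)
    except Exception as exc:
        return g, f"{type(exc).__name__}: {exc}"
    return g, None


if __name__ == "__main__":
    samples = [                          # constructed inputs
        "import math\nx = math.sqrt(16)",
        "import os",
        "open('somefile')",
        # The case raised in the thread: the running frame already holds a
        # reference to the restricted builtins, so deleting the global
        # entry does not bring the interpreter's real builtins back.
        "del __builtins__\nimport os",
    ]
    for src in samples:
        print(repr(src), "->", run_restricted(src)[1])
```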