-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris Withers wrote:
Chris Withers wrote:
I know we have security proxies nowadays and I'm hoping these have made things much more efficient that the old Zope 2 way of doing things (anyone have any ideas on this?) but is there still a way of running a piece of python in an environment where imports are controlled and "dangerous" builtins (ie: ones that would allow you to circumvent the security policy) are restricted?
Okay, I see two potentially interesting things:
http://svn.zope.org/zope.security/trunk/src/zope/security/untrustedpython/
and
http://svn.zope.org/RestrictedPython/trunk/src/RestrictedPython/
Are either of these still in use/maintained?
Both are. RestrictedPython is still used in Zope2. The 'untrustedpython' bit has lots of dependencies, and so is available as an "extra" for zope.security, e.g.: $ bin/easy_install --index-url=http://download.zope.org/zope3.4 \ zope.security[untrustedpython] My guess is that the dependency furball there needs untangling; however, that command line *does* get the pacakge installed. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHQa7u+gerLs4ltQ4RAkYyAJ9fNyKTueny8Uy3ArmpHJxsmlFZrwCffE31 av7nmTBBMR9j13QygW3rYVo= =3see -----END PGP SIGNATURE-----