Sandboxes

[42]

FWIW I've already given up on making python secure. I agree that odds
are extremely high that I've missed something. I'm just curious to see
what one of the holes I left is, preferably without wading through
hundreds of pages

f = [x for x in [].__class__.__bases__[0].__subclasses__() if
x.__name__=='file'][0]
f('/path/to/important/file', 'w').close()

Thanks.

Still it clearly falls within the the scope of what I wanted to remove:
the built in reflection/metadata functions. I just didn't read enough of
the language spec to know there were more of them hidden here and there
than what were listed in keywords and built-in functions.

But they are a finite set. Evidently I'm not the one to do it, but
someone who knew python better, could probably enumerate the reflection
stuff more effectively than me.

I already gave up, but I don't think its a dead concept.

 

[Diez B. Roggisch]

Basically I just want a language to allow users to write macros,

interact with application objects, set property values, sequence
operations, supporting loops and branch logic and so forth.

Something along the lines of a drawing program that allowed uers to
write and/or download scripts to perform batches of arbitrary
(parameterized) operations.

e.g.scripts along the lines of:

function drawfan(x,y,r)
i=45
while (i<90)
if i.isEven()
color=red;
else
color=blue;
PublishedInterface.Drawline(x,y, x+r*sin(i), y+r*cos(i),color)
i++
end while

I want the 'worst case' a malicious script to be able to accompish to be
a program crash or hang.

The you migth want to think about not criplling the language, but the
library - I'm not sure what has to be done to do that, but maybe these
lines of thought help more - the "usual" thing for restricted execution
was to provide it inside a otherwise fully working interpreter (like
ZOPE). But I might be mistaken.

Diez