(Sent this already once from another account - don't think it worked)
Hi, my name is Martin Zarate, and I'm working on a 3D game engine for educational and urban visualization purposes. Our engine handles scripting with an embedded Python interpreter (we designed our own customized class structure, threading system, etc.). As yet, we've never had to actually modify the Python interpreter itself, so I'm loath to start. Our chief concern is this: our engine is designed with extensibility in mind - it detects plugins of new objects and new code entering the system. This code may or may not be trusted, and rexec is dead. That's a problem.
I realize rexec will not be coming back. I don't need full rexec, I have a much simpler requirement - I don't want the python interpreter to have access to the system. The embedding app (Daedalus) handles feeding in of modules and content through Py_CompileString and PyImport_ExecCodeModule, as well as building local namespaces in which the code is run. Any access to the embedding system is through custom data types and extension modules.
My point is that none of the system builtins or major modules are used - and those builtins and modules are what allow the user to access and corrupt the system. While many of the builtins are still needed (basic data types, etc.), most of the built-in functions such as filesystem and system calls are liabilities. They could play with the file system, manipulate the system, and do other things. So, my question is this: is there any way to compile Python as a true standalone? That is, where the only access to the system is through extension modules? I can't find any documentation on how to control which builtin modules and functions are compiled in with Python.
Is there any interest in such a project? Or, if I develop this myself (although I have no idea how secure it could be - I don't know the builtins very well), would there be any interest in making a patch/PEP of it? This sort of thing would be a boon to anyone embedding Python. I believe many embedded apps could use this sort of feature (at the very least to keep the bloat down).
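The approach the post describes (compile the plugin source, then run it in a namespace the host builds) can be tried out without touching the C API: `compile()` plus `exec()` with a hand-built `__builtins__` dict is the pure-Python analogue of Py_CompileString + PyImport_ExecCodeModule with a custom globals dict. The example below is added here and is not the poster's engine code or anything from Daedalus; it assumes CPython 3 and an allow-list of builtins (`SAFE_BUILTINS`) chosen for illustration. It shows the two things a practitioner would check first: that `import os` and `open()` fail once `__import__` and `open` are absent from the builtins table, and that ordinary attribute access still reaches the full type hierarchy, which is why removing builtins is hygiene rather than a security boundary for untrusted code.

```python
"""Run untrusted plugin source in a namespace whose __builtins__ is an
explicit allow-list.  Added example (not the original poster's code);
assumes CPython 3.
"""
import builtins

# Builtins that only touch in-process data, not the host system.
# This allow-list is an assumption for the example, not a vetted set.
SAFE_BUILTINS = {
    name: getattr(builtins, name)
    for name in (
        "abs", "all", "any", "bool", "dict", "enumerate", "float", "int",
        "isinstance", "len", "list", "max", "min", "range", "str", "sum",
        "tuple", "zip", "ValueError", "TypeError", "KeyError",
    )
}


def run_plugin(source, filename="<plugin>", extra=None):
    """Compile `source` and execute it against the restricted builtins.

    Returns the module-level namespace the plugin produced.  Because no
    `__import__` is supplied, `import` statements raise ImportError, and
    any builtin missing from SAFE_BUILTINS (e.g. `open`) raises NameError.
    `extra` lets the host inject its own API objects, which is the
    equivalent of the engine's custom extension types.
    """
    namespace = {"__builtins__": dict(SAFE_BUILTINS), "__name__": "plugin"}
    if extra:
        namespace.update(extra)
    code = compile(source, filename, "exec")
    exec(code, namespace)
    return namespace


def probe(source):
    """Run a plugin and report (ok, result value or exception class name)."""
    try:
        ns = run_plugin(source)
        return True, ns.get("result")
    except Exception as exc:
        return False, type(exc).__name__


# Constructed plugin sources used to exercise the sandbox.
BENIGN = "result = sum(x * x for x in range(4))"        # computes 14
IMPORT_OS = "import os\nresult = os.getcwd()"            # ImportError
OPEN_FILE = "result = open('/etc/hostname').read()"      # NameError
# Attribute access still walks the type hierarchy from any object, so the
# plugin can enumerate every loaded class even with no builtins at all.
INTROSPECT = "result = len(().__class__.__base__.__subclasses__()) > 0"


if __name__ == "__main__":
    for label, src in [("benign", BENIGN), ("import os", IMPORT_OS),
                       ("open()", OPEN_FILE), ("introspection", INTROSPECT)]:
        print(f"{label:14s} -> {probe(src)}")
```

The last probe is the caveat: a stripped builtins table decides which names the plugin can spell, not which objects it can reach. Any object the host hands in (and `()` is always available) leads via `__class__` to `object` and from there to every class in the process, so code that must not touch the system needs process-level isolation, not just a smaller builtins table.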