I think python's import system is modularized and extensible. You can write restrictions in your program to limit how modules access external code. I've also been using the RestrictedPython project from Zope foundation. It overs a way of creating a sandbox environment for python quite easily by leveraging python's extensible nature. On Sun, Feb 26, 2023, 8:58 PM python--- via Python-ideas < python-ideas@python.org> wrote:
Could you elaborate on how Python code can easily bypass that sort of restriction?
From my understanding, you can only do so with importlib by reading the raw source and evaluating it. In that case, I can just restrict importlib? Same with the open function which is from the io module which can also be restricted (and removed from builtins in that case).
Here's a diff of my implementation and upstream's 3.11.0 tag. It's 17 commits with most being README changes. I hope this makes it more clear. https://github.com/python/cpython/compare/3.11...R9295:cpython:policy
Regards, Aarnav _______________________________________________ Python-ideas mailing list -- python-ideas@python.org To unsubscribe send an email to python-ideas-leave@python.org https://mail.python.org/mailman3/lists/python-ideas.python.org/ Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/NWQCBF... Code of Conduct: http://python.org/psf/codeofconduct/