I think python's import system is modularized and extensible. You can write restrictions in your program to limit how modules access external code.

I've also been using the RestrictedPython project from Zope foundation. It overs a way of creating a sandbox environment for python quite easily by leveraging python's extensible nature.

On Sun, Feb 26, 2023, 8:58 PM python--- via Python-ideas <python-ideas@python.org> wrote:

Could you elaborate on how Python code can easily bypass that sort of restriction?

>From my understanding, you can only do so with importlib by reading the raw source and evaluating it. In that case, I can just restrict importlib? Same with the open function which is from the io module which can also be restricted (and removed from builtins in that case).

Here's a diff of my implementation and upstream's 3.11.0 tag. It's 17 commits with most being README changes. I hope this makes it more clear.
https://github.com/python/cpython/compare/3.11...R9295:cpython:policy

Regards,
Aarnav
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-leave@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/NWQCBFQECB3CI3WSHSK46FTX3MAN5Z25/
Code of Conduct: http://python.org/psf/codeofconduct/