
On Mon, 27 Feb 2023 at 04:56, python--- via Python-ideas <python-ideas@python.org> wrote:
> Could you elaborate on how Python code can easily bypass that sort of restriction?
>
> From my understanding, you can only do so with importlib by reading the raw source and evaluating it. In that case, I can just restrict importlib? Same with the open function which is from the io module which can also be restricted (and removed from builtins in that case).
>
> Here's a diff of my implementation and upstream's 3.11.0 tag. It's 17 commits with most being README changes. I hope this makes it more clear. https://github.com/python/cpython/compare/3.11...R9295:cpython:policy

Do you block access to the __import__ function? To sys.modules and the cache of already-imported modules? What about eval() and various ways of executing arbitrary code? How about object.__subclasses__()?

ChrisA
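
Added example, not part of the thread or of the linked implementation: a small static check that flags, in a piece of Python source, the four routes the reply asks about. The name `find_avenues` and the sample source are constructed for illustration; this is a review aid and enforces nothing at runtime.

```python
import ast

# Builtins that import or run code. "__import__" and "eval" are named in
# the reply; "exec" and "compile" are added here as further builtins of
# the same kind (an assumption about what "various ways" covers).
CODE_BUILTINS = {"__import__", "eval", "exec", "compile"}
DUNDER = "__subclasses__"

# Constructed sample source. It is only parsed, never executed.
SAMPLE = '''\
import json
mod = __import__("os")
cached = sys.modules["socket"]
value = eval("1 + 1")
classes = object.__subclasses__()
lookup = getattr(object, "__subclasses__")
'''


def find_avenues(source):
    """Return sorted (line, label) pairs for constructs that reach
    modules or code without going through importlib."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Name) and node.id in CODE_BUILTINS:
            # Direct use of a code-running builtin.
            found.append((node.lineno, node.id))
        elif isinstance(node, ast.Attribute):
            base = node.value
            if node.attr == DUNDER:
                # Class-hierarchy walk, on any object.
                found.append((node.lineno, DUNDER))
            elif (node.attr == "modules" and isinstance(base, ast.Name)
                  and base.id == "sys"):
                # Cache of already-imported modules.
                found.append((node.lineno, "sys.modules"))
        elif isinstance(node, ast.Constant) and node.value == DUNDER:
            # Attribute name passed as a string, e.g. to getattr().
            found.append((node.lineno, DUNDER + " (string)"))
    return sorted(found)


if __name__ == "__main__":
    for line, label in find_avenues(SAMPLE):
        print(f"line {line}: {label}")
```

The plain `import json` on line 1 of the sample is not flagged, since it goes through the normal import machinery that the restriction under discussion already covers.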