
On Mon, 27 Feb 2023 at 08:33, python--- via Python-ideas <python-ideas@python.org> wrote:
> Thank you for the insight. I have some more work to do! I will share on this thread again when I've made further changes.
>
> If you have some time, I would be grateful if you could share a few test cases such as "bypass it by spinning off a new thread" or object.__subclasses__. Code is not necessary, just pointers.

The trouble with that is, I don't really want to build and run your Python just for the test, so all I can really do is talk theoretically. But if you can name any module that IS permitted to import code, I can attempt (on a vanilla Python) to trigger it to import something of my choice.

It's worth noting, for instance, that sys.path and its friends can be manipulated to control what would be imported; a trusted module could potentially be tricked into importing anything at all. Python simply isn't designed for security boundaries.

ChrisA
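
The sys.path point above, as an added example that is not part of the original thread or of the proposal under discussion: the same allowlisted module name resolves to a different file once sys.path changes, so a check keyed on the name alone says nothing about which file gets loaded, while a check on the resolved origin notices the change. The module name `allowed_helper_demo`, the two temporary directories and the helper functions are constructed for illustration.

```python
import importlib.util
import os
import sys
import tempfile

def resolve_origin(name):
    """Return the file a fresh `import name` would load, without importing it."""
    importlib.invalidate_caches()
    spec = importlib.util.find_spec(name)
    return None if spec is None else spec.origin

def origin_is_trusted(origin, trusted_roots):
    """True only if the resolved file lies inside one of the trusted directories."""
    if origin is None:
        return False
    real = os.path.realpath(origin)
    for root in trusted_roots:
        root = os.path.realpath(root)
        try:
            if os.path.commonpath([real, root]) == root:
                return True
        except ValueError:  # e.g. paths on different drives
            continue
    return False

def demo():
    """Resolve one name before and after sys.path changes; check each origin."""
    name = "allowed_helper_demo"  # constructed name standing in for an allowlisted module
    with tempfile.TemporaryDirectory() as trusted, \
         tempfile.TemporaryDirectory() as other:
        # Same module name in both directories (constructed sample files).
        for directory, tag in ((trusted, "trusted"), (other, "other")):
            with open(os.path.join(directory, name + ".py"), "w") as f:
                f.write(f"SOURCE = {tag!r}\n")
        saved = list(sys.path)
        try:
            sys.path.insert(0, trusted)
            before = resolve_origin(name)
            sys.path.insert(0, other)  # the name is unchanged, the search path is not
            after = resolve_origin(name)
        finally:
            sys.path[:] = saved  # restore the interpreter's search path
        return (origin_is_trusted(before, [trusted]),
                origin_is_trusted(after, [trusted]))

if __name__ == "__main__":
    print(demo())
```

An origin check like this is an audit aid only; as the reply says, it does not turn the interpreter into a security boundary, since code running in the same process can alter the check itself.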