[pypy-dev] PyPy for restricted execution Python
Christopher Armstrong
radeex at gmail.com
Thu Aug 19 00:37:58 CEST 2004
I want to have a function along these lines:
safeEval(code, ns={'name': obj}, operations=['import', 'def', 'for', 'while'])
It'll execute 'code', with only access to the names in 'ns' dict, and
only the operations listed in the 'operations' list. This function
would be called from a regular CPython interpreter, and safeEval would
be an interface to PyPy.
My end goal is to have potentially hundreds of *totally* untrusted
scripts running concurrently; they shouldn't be able to stomp on each
other or on the "main" application code. CPU and memory restriction
are a big issue, but I'm only concerned with namespace and operation
restriction at the moment. The core of any restricted system needs to
be able to start code in an absolutely empty environment, not allowing
anything at all. Then I can add operations and functions necessary for
my application after I do the Hard Work of auditing each one ;)
This is the same reason I was recently working (well, somewhat.. ;) on
PLT-Spy[1], an implementation of Python on PLT-Scheme. It compiled the
Python to Scheme code which has calls to a Python runtime implemented
for PLT. The Python runtime does 99% of its work by calling out to
libpython, i.e., CPython. So, this let me have my cake and eat it too:
I could take advantage of PLT's awesome restricted-execution support,
*and* I could use CPython without reimplementing the whole runtime.
But it wasn't _that_ simple: we have to modify some fundamental parts
of CPython to interoperate with PLT. The garbage collection and
namespace functions, in particular. I'm hoping I can entirely avoid C
code by using PyPy and still be able to use the stock Python runtime.
PyPy is confusing to me so far, though. I've worked with several
implementations of small languages, including a tiny lisp meant for
restricted execution, and even an implementation of Python (PLT-Spy).
I can't seem to get my brain integrated with the PyPy codebase, yet,
but I'm not sure where to start. So, given that explanation of my
goal, where should I start? What might I have to change in PyPy? How
can I get an analog of pypy.interpreter.main.run_string that lets me
restrict what's available to the code?
Thanks for any help :-)
1: http://plt-spy.sourceforge.net/
--
Twisted | Christopher Armstrong: International Man of Twistery
Radix | Release Manager, Twisted Project
---------+ http://radix.twistedmatrix.com
More information about the Pypy-dev
mailing list