[Python-3000] Will we have a true restricted exec environment for python-3000?
Vineet Jain
vinj at alumni.rice.edu
Sat Apr 8 16:25:38 CEST 2006
Nick Coghlan wrote:
> are somewhat staggering, and designing an in-process sandbox to cope
> with that is a big ask (and demonstrating that the sandbox actually
> *achieves* that goal is even tougher).
I was thinking along the lines of:
1. Start a "light" python interpreter, which by default will not allow
   you to import anything, including any of the standard python libraries.
2. This light python interpreter will have hooks around:
   memory allocation: limit the maximum memory used by the user, so
   users should not be able to do:
       [1]*100000000000
   bytecode execution: limit the execution time of each python line.
   Users should not be able to do:
       i = 0
       while True: i = i + 1
3. Have the ability to transfer objects between the main and the light
python interpreter.
user_interpreters = {}
for user_name, user_module in all_user_modules:
    pl = python_light(memory_limit_per_instruction="0.1M",
                      execution_limit="2S",
                      memory_limit_interpreter="2M",
                      allow_modules=None)
    pl.load_module(user_module)
    user_interpreters[user_name] = pl

for user_name in user_interpreters:
    pl = user_interpreters[user_name]
    update_global_env(pl)  # application-specific function which will set up
                           # data to be used by the python interpreter
    try:
        user_function_value = pl.user_function()
    except Exceeded_Memory_Per_Instruction:
        handle_exception()
    except Exceeded_Execution_Time_Limit:
        handle_exception()
    except Exceeded_Total_Memory_Limit:
        handle_exception()
It is up to the application builder to ensure that any and all
modules/objects that are added to the "light" python interpreter are secure.
Vineet
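The "light interpreter" sketched in the post above, worked through as an out-of-process variant. This is an added example, not code from the original message or from any Python proposal: each user module runs in a fresh CPython child started with -I -S, the child puts RLIMIT_AS and RLIMIT_CPU on itself (the memory and execution-time hooks of point 2), gets a deliberately small builtins table with no __import__ (point 1), and host data crosses the boundary as JSON (point 3). It assumes Linux (the resource module and SIGXCPU); run_user_function, CHILD_RUNNER, the status strings ok/memory/time/error and the four sample user modules are my own names. Two caveats a practitioner should keep in mind: the trimmed builtins dict on its own is not a security boundary (object introspection can reach the real builtins from inside exec), which is exactly why the limits are enforced on the process rather than in it, and rlimits bound memory and CPU only, not file or network access, so a real deployment still wraps the child in an OS-level sandbox such as seccomp, namespaces or a container.

```python
"""Out-of-process variant of the "light interpreter" sketch (Linux assumed)."""
import json
import signal
import subprocess
import sys

# Source of the child process.  It applies the rlimits to itself, gives the
# user module a deliberately tiny builtins table (no __import__, no open,
# no getattr ...), calls user_function() and reports one JSON line on stdout.
CHILD_RUNNER = r'''
import builtins, json, resource, sys

req = json.loads(sys.stdin.read())

def cap(kind, soft, hard):
    # Never ask for more than the inherited hard limit, or setrlimit() fails.
    _, cur_hard = resource.getrlimit(kind)
    if cur_hard != resource.RLIM_INFINITY:
        soft, hard = min(soft, cur_hard), min(hard, cur_hard)
    resource.setrlimit(kind, (soft, hard))

# Whole address space of this interpreter: big allocations raise MemoryError.
cap(resource.RLIMIT_AS, req["memory_bytes"], req["memory_bytes"])
# CPU seconds: SIGXCPU at the soft limit, SIGKILL one second later at the hard one.
cap(resource.RLIMIT_CPU, req["cpu_seconds"], req["cpu_seconds"] + 1)

SAFE_NAMES = ("abs", "len", "range", "min", "max", "sum", "int", "str",
              "list", "dict", "tuple", "enumerate", "zip", "isinstance")
ns = {"__builtins__": {n: getattr(builtins, n) for n in SAFE_NAMES}}
ns.update(req["env"])   # host-supplied data; JSON-serialisable values only

try:
    exec(compile(req["source"], "<user_module>", "exec"), ns)
    out = {"status": "ok", "value": ns["user_function"]()}
    json.dumps(out)      # fail early if the value cannot cross the boundary
except MemoryError:
    out = {"status": "memory"}
except Exception as exc:
    out = {"status": "error", "detail": repr(exc)}
print(json.dumps(out))
'''


def run_user_function(source, env=None, memory_bytes=512 * 1024 * 1024, cpu_seconds=1):
    """Load `source` as a user module in a fresh, limited interpreter, call its
    user_function() and classify the outcome as ok / memory / time / error."""
    request = json.dumps({"source": source, "env": env or {},
                          "memory_bytes": memory_bytes, "cpu_seconds": cpu_seconds})
    # -I/-S: ignore environment variables, user site and site-packages.
    cmd = [sys.executable, "-I", "-S", "-c", CHILD_RUNNER]
    try:
        proc = subprocess.run(cmd, input=request, capture_output=True, text=True,
                              timeout=cpu_seconds + 2)  # wall-clock backstop
    except subprocess.TimeoutExpired:
        return {"status": "time"}
    if proc.returncode in (-signal.SIGXCPU, -signal.SIGKILL):
        return {"status": "time"}   # killed by the CPU rlimit
    try:
        return json.loads(proc.stdout)
    except json.JSONDecodeError:
        return {"status": "error", "detail": proc.stderr.strip()[-300:]}


# Constructed user modules, one per limit discussed in the post.
WELL_BEHAVED = "def user_function():\n    return factor * sum(range(10))\n"
MEMORY_HOG = "def user_function():\n    return len([1] * 10**9)\n"
CPU_HOG = "def user_function():\n    i = 0\n    while True:\n        i = i + 1\n"
IMPORTER = "import os\ndef user_function():\n    return os.getpid()\n"

if __name__ == "__main__":
    print(run_user_function(WELL_BEHAVED, {"factor": 3}))   # ok, value 135
    print(run_user_function(MEMORY_HOG))                    # memory
    print(run_user_function(CPU_HOG))                       # time
    print(run_user_function(IMPORTER))                      # error (no __import__)
```

The CPU rlimit is paired with a wall-clock timeout on purpose: RLIMIT_CPU only counts time the child actually spends on a CPU, so code that blocks rather than spins would never trip it. Setting the CPU soft limit one second below the hard limit makes the kernel deliver SIGXCPU first, which the parent recognises as a time-limit exit; a blocked child is killed by the subprocess timeout instead and reported the same way.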