[Python-Dev] Some news from my sandbox project

Victor Stinner victor.stinner at haypocalc.com
Sat Sep 18 12:05:26 CEST 2010

Le samedi 18 septembre 2010 10:39:58, Robert Collins a écrit :
> __builtins__ is in everyone's global namespace, so if it can be
> mutated, different python programs running in the same sandbox can
> affect each other.
> Ditto sys.modules and os environ, but I guess that those are already
> addressed.

sys.modules and os.environ are not accessible in pysandbox :-) If you create a 
rule in the security policy to allow them, you will get read only views.

Example with sys.modules:

sandbox>>> from sys import modules
sandbox>>> modules['sys']
TypeError: Unable to proxy a value of type <type 'module'>
sandbox>>> modules['sys']=1
SandboxError: Read only object

Builtin module type is blocked because it is unsafe.

Victor Stinner

More information about the Python-Dev mailing list