[Python-Dev] Some news from my sandbox project
Antoine Pitrou
solipsis at pitrou.net
Sun Sep 19 14:08:04 CEST 2010
On Sun, 19 Sep 2010 12:19:44 +0200
Victor Stinner <victor.stinner at haypocalc.com> wrote:
> Le dimanche 19 septembre 2010 01:05:45, Greg Ewing a écrit :
> > I don't follow. Trusted functions such as proxy() shouldn't
> > be sharing a __builtins__ dict with sandboxed code.
> > (...)
> > So give each program its own copy of __builtins__.
>
> By "program" you mean a "process"? proxy() and untrusted functions are
> executed in the same process and the same interpreter. Untrusted code calls
> (indrectly) proxy(): should I create a new copy of __builtins__ for each
> frame? I don't know how to do that in Python (without modify the Python
> interpreter) and I suppose that it will make Python slower.
>>> def f(): return oct
...
>>> f()
<built-in function oct>
>>> import types
>>> m = types.ModuleType("my builtins")
>>> m.__dict__.update(__builtins__.__dict__)
>>> m.oct = 3
>>> f.__globals__['__builtins__'] = m
>>> f()
3
Regards
Antoine.
More information about the Python-Dev
mailing list