[Python-Dev] Reviving restricted mode?

Steven D'Aprano steve at pearwood.info
Wed Aug 13 18:58:39 CEST 2014

On Thu, Aug 14, 2014 at 02:26:29AM +1000, Chris Angelico wrote:
> On Wed, Aug 13, 2014 at 11:11 PM, Isaac Morland <ijmorlan at uwaterloo.ca> wrote:
> > While I would not claim a Python sandbox is utterly impossible, I'm
> > suspicious that the whole "consenting adults" approach in Python is
> > incompatible with a sandbox.  The whole idea of a sandbox is to absolutely
> > prevent people from doing things even if they really want to and know what
> > they are doing.

The point of a sandbox is that I, the consenting adult writing the 
application in the first place, may want to allow *untrusted others* to 
call Python code without giving them control of the entire application. 
The consenting adults rule applies to me, the application writer, not 
them, the end-users, even if they happen to be writing Python code. If 
they want unrestricted access to the Python interpreter, they can run 
their code on their own machine, not mine.

> It's certainly not *fundamentally* impossible to sandbox Python.
> However, the question becomes one of how much effort you're going to
> go to and how much you're going to restrict the code.

I believe that PyPy has an effective sandbox, but to what degree of 
effectiveness I don't know.


I've had rogue Javascript crash my browser or make my entire computer 
effectively unusable often enough that I am skeptical about claims that 
Javascript in the browser is effectively sandboxed, so I'm doubly 
cautious about Python.


More information about the Python-Dev mailing list