Being a bit confused after hacking Python

Tue Jul 16 12:27:29 EDT 2002

Wolfgang Draxinger wrote:
> 1st:
> It'd be interessting to know, how to prevent scripts to delete
> imported modules. My engines load some standard modules into the
> interpreter by default. It's not bad when the modules are unloaded and
> reloaded, but this means for some modules a huge performance hit. Thats
> a bit disturbing in a realtime engine.

modules are only imported once. there is always a reference to it in 
sys.modules. any further calls to import that module just make another 
reference to the one already imported. even if you "del" the module and 
reimport it, you are getting the same one back. (i noticed even if you 
"reload(sys)" you still keep all the modules)

> 2nd:
> Is there anybody who knows, how to *import* a source module, that may be 
> compiled already, from contents in memory? My problem is that my engine 
> has a virtual file system that packs data compresed into packages, to 
> minimize bandwidth when loading from removeable media. The modules are 
> contained within such a package and thus cannot be accesed by a normal 
> operating system file.

you'll need to get into the "import hooks". this allows your own code to be 
called instead of the normal importer. i believe what you do is read the 
file data in (from your archive), then pass that along to the normal import 
code. i've never done this though, i don't believe it's hard, but who knows?

> 3rd:
> There are a few modules, like os or posix, which allow low level access 
> to the system. Since my engine has network support and the server 
> provides a remote console that works in python interactive mode, it 
> would be good to remove some of the builtin modules after Py_Initialize, 
> that were initialized via _PyImport_Inittab. It would be even possible 
> to write a virus that distributes within a multiplayer game, if that 
> access isn't restricted and a new type of virus is definitely what the 
> targeted users not want.
> There must be a official way to remove specific module entries, I think 
> of the things that rexec can do, but I didn't get out how it does, what 
> it does. I could of course create a own _PyImport_Inittab and thus just 
> not initialize the dangerous stuff. Is that a good solution?

with rexec you can keep the user from doing many things. you can also 
replace calls like "open" to map to your own virtual filesystem (which 
might be useful). there's some pretty good docs on it, but i'm not sure how 
you would set one up from the "c api".

as far as code security goes, i'm not sure how far you'll want to go? if 
you are running your own code only, perhaps some sort of signatures or 
checksums to hinder tampering? if you are running 3rd party scripts, 
there's always a chance someone could do something like "while 1:pass" or 
try to allocate millions of objects.

as for reloading sys resetting stdout, why do you ever need to reload it? 
if you just want to reset the stdout variables, just set sys.stdout to 
sys.__stdout__. the __stdout__ is the "original" stdout object.