python sandbox

Uwe Schmitt uwe.schmitt at
Sat Jan 25 00:51:05 CET 2003

Levente Sandor <sandorlevi at> wrote:
> Uwe Schmitt <uwe.schmitt at> wrote in message news:<b0ougt$111ko7$1 at>...
>> Hi,
>> I wrote a simple sandbox for executing pyhton code in a
>> restricted environment.
>> The code can be downloaded from 
>> I appreciate any comments. I'm especially interested if
>> my restrictions are secure or if they can be circumvented.
>> Greetings, Uwe.

> Are there any advantages of your code versus the rexec module?

It was more some kind of exercise.... 
the concept is quite simple (if it works :-), but many fine grained
restrictions have to be done by the user: my code only restricts 
the acess to objects and their memebers, so if one wants to
allow reading of files, but not writing, one has to wrap this functionality 
in a small class, and pass this class to  Maybe thats in some 
cases a bit of work, but the concept is quite simple, so that most users
understand what does for them. And: simplicty can lead to higher
security.  (again: if the concept works...).

As it is discussed in another thread, it is not possible to
protect you from code like "while 1:pass".
And protection from high memory consumption can only be done
by catching the Memory exception.
The reason is the "exec" command, which can't be controlled from

Starting point was a tool for fitting functions to given data,
with the possibility to allow the user to define own functions,
which are not included in math / cmath.

Greetings, Uwe.

Dr. rer. nat. Uwe Schmitt      Computer science is no more about Computers,
uwe.schmitt at      than astronomy is about telescopes. (Dijkstra)           

More information about the Python-list mailing list