Running insecure python code

Noen not.available at
Thu Feb 26 19:23:09 CET 2004

Im developing a game where the players will program their equipment with 
python. Are there any ways to run insecure code? I dont want the clients 
to mess with the server-code through their own code, or even DOS the box 
by using up too much memory.

Here is some examples of how the equipment should be programmed:
# Proxmity explosive example

import cpu

explosive = cpu.connection(0x01,"explosive")
motion_detector = cpu.connection(0x02,"explosive")
class Main:
	def event_Motion(self):

	cpu.reg_event(motion_detector.event_Motion, self.event_Motion)

# Broadcast chat equipment

import cpu
import io

terminal = cpu.connection(0x01,"User personal terminal connection")
radio = cpu.connection(0x02,"Radio tranceiver")
mem = cpu.connection(0x03,"Memory chip")
if mem.get("FREQ") == None: freq = 12345 ;"FREQ",12345)

class Main:
	cpu.reg_event(radio.receive, self.event_Message)
	cpu.reg_event(terminal.input, self.event_Input)
	def event_Message(self,message):
		terminal.write(message + "\r\n")
	def event_Input(self,data):
		if data[0] == "/":
			if string.upper(string.split(data[1:]))[0] == "CHANNEL":

I see the following problems:
1. looping code
	Are there any way to avoid this by checking the "eip" within a 	usercode?
	Is it possible to multiplex between user codes to avoid this?
	Is it possible to limit execution speed (set the cpu to 5 instructions 
pr second)

2. blocking code / untrusted/insecure code
	Is there a effective way to limit the available functions the usercode? 
(perhaps like the java securityhandler way)

3. memory-dos
	Limiting the storage size (or even forcing the user to store EVERYTHING 
in the mem object)

I dont know if this is even possible (without modifying the python 
source, which would force me to perhaps seperate server code and user code)

More information about the Python-list mailing list