limited python virtual machine (WAS: Another scripting language implemented into Python itself?)

Jack Diederich jack at
Wed Jan 26 12:03:01 EST 2005

On Wed, Jan 26, 2005 at 05:18:59PM +0100, Alexander Schremmer wrote:
> On Tue, 25 Jan 2005 22:08:01 +0100, I wrote:
> >>>> sys.safecall(func, maxcycles=1000)
> > could enter the safe mode and call the func.
> This might be even enhanced like this:
> >>> import sys
> >>> sys.safecall(func, maxcycles=1000,
>                  allowed_domains=['file-IO', 'net-IO', 'devices', 'gui'],
>                  allowed_modules=['_sre'])
> Any comments about this from someone who already hacked CPython?

Yes, this comes up every couple months and there is only one answer:
This is the job of the OS.
Java largely succeeds at doing sandboxy things because it was written that 
way from the ground up (to behave both like a program interpreter and an OS).
Python the language was not, and the CPython interpreter definitely was not.

Search for previous discussions of this on


More information about the Python-list mailing list