limited python virtual machine (WAS: Another scripting language implemented into Python itself?)

Alexander Schremmer 2004b at
Tue Jan 25 22:08:01 CET 2005

On Tue, 25 Jan 2005 12:22:13 -0700, Steven Bethard wrote:

>  >>This is a serious issue.
>  >>
>  >>It's also one that brings Tcl, mentioned several
>  >>times in this thread, back into focus.  Tcl presents
>  >>the notion of "safe interpreter", that is, a sub-
>  >>ordinate virtual machine which can interpret only
>  >>specific commands.  It's a thrillingly powerful and
>  >>correct solution to the main problem Jeff and others
>  >>have described.
>  >
>  > A better (and of course *vastly* more powerful but unfortunately only
>  > a dream ;-) is a similarly limited python virutal machine.....
> Yeah, I think there are a lot of people out there who would like 
> something like this, but it's not quite clear how to go about it.  If 
> you search Google Groups, there are a lot of examples of how you can use 
> Python's object introspection to retrieve "unsafe" functions.

IMHO a safe Python would consist of a special mode that disallows all
systemcalls that could spy/harm data (IO etc.) and imports of
non-whitelisted modules. Additionally, a loop counter in the interpreter
loop would ensure that the code does not stall the process/machine.

>>> sys.safecall(func, maxcycles=1000)
could enter the safe mode and call the func.

I am not sure how big the patch would be, it is mainly a C macro at the
begginning of every relevant function that checks the current "mode" and
raises an exception if it is not correct. The import handler would need to
check if the module is whitelisted (based on the path etc.).

Python is too dynamic to get this working while just using tricks that
manipulate some builtins/globals etc.

Kind regards,

More information about the Python-list mailing list