limited python virtual machine

Aahz aahz at
Sat Jan 29 12:31:45 CET 2005

In article <1gr3mwj.1mhbjao122j7fxN%aleaxit at>,
Alex Martelli <aleaxit at> wrote:
>Steven Bethard <steven.bethard at> wrote:
>> If I could see how to go from 'object' (or 'int', 'str', 'file', etc.)
>> to 'eval' or '__import__', that would help out a lot...
>>>> object.__subclasses__()
>[<type 'type'>, <type 'weakref'>, <type 'int'>, <type 'basestring'>,
><type 'list'>, <type 'NoneType'>, <type 'NotImplementedType'>, <type
>'module'>, <type 'zipimport.zipimporter'>, <type 'posix.stat_result'>,
><type 'posix.statvfs_result'>, <type 'dict'>, <type 'function'>, <class
>'site._Printer'>, <class 'site._Helper'>, <type 'set'>, <type 'file'>]
>Traipse through these, find one class that has an unbound method, get
>that unbound method's func_globals, bingo.

One thing my company has done is written a ``safe_eval()`` that uses a
regex to disable double-underscore access.
Aahz (aahz at           <*>

"19. A language that doesn't affect the way you think about programming,
is not worth knowing."  --Alan Perlis

More information about the Python-list mailing list