limited python virtual machine (WAS: Another scripting language implemented into Python itself?)
Michael Spencer
michael at i2partners.com
Tue Jan 25 14:46:42 EST 2005
Steven Bethard wrote:
>
> I wish there was a way to, say, exec something with no builtins and
> with import disabled, so you would have to specify all the available
> bindings, e.g.:
>
> exec user_code in dict(ClassA=ClassA, ClassB=ClassB)
>
> but I suspect that even this wouldn't really solve the problem, because
> you can do things like:
>
> py> class ClassA(object):
> ...     pass
> ...
> py> object, = ClassA.__bases__
> py> object
> <type 'object'>
> py> int = object.__subclasses__()[2]
> py> int
> <type 'int'>
>
> so you can retrieve a lot of the builtins. I don't know how to retrieve
> __import__ this way, but as soon as you figure that out, you can then
> do pretty much anything you want to.
>
> Steve
Steve
Safe eval recipe posted to cookbook:
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/364469
Couldn't safe exec be programmed similarly?
'import' and 'from' are syntax, so trivially avoided.
Likewise, function calls are easily intercepted.
As you say, attribute access to core functions appears to present the
challenge. It is easy to intercept attribute access, harder to know
what's safe. If there were a known set of 'dangerous' objects, e.g.,
sys, file, os etc., then these could be checked by identity against any
attribute returned.
Of course, execution would be painfully slow, due to double-interpretation.
Michael
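
Added example, not part of the original post or the cookbook recipe: a static check along the lines described above (reject import syntax, intercept calls and attribute access), written against Python 3's `ast` module and then exec'd with only the supplied bindings and no builtins. The names `RestrictedChecker`, `check_restricted`, `run_restricted`, `PolicyViolation` and `SAMPLE` are hypothetical; the block shows the interception points only and leaves open the harder question the post raises of knowing which objects are safe.

```python
import ast


class PolicyViolation(Exception):
    """Raised when checked source contains a forbidden construct."""


class RestrictedChecker(ast.NodeVisitor):
    """Collect (line, reason) for every construct the policy forbids."""

    def __init__(self, allowed_calls):
        self.allowed_calls = allowed_calls
        self.violations = []

    def visit_Import(self, node):
        self.violations.append((node.lineno, "import statement"))

    visit_ImportFrom = visit_Import  # 'from x import y' is syntax too

    def visit_Attribute(self, node):
        # Underscore attributes (__bases__, __subclasses__, ...) are the
        # introspection path used in the quoted interpreter session.
        if node.attr.startswith("_"):
            self.violations.append((node.lineno, "attribute %r" % node.attr))
        self.generic_visit(node)

    def visit_Call(self, node):
        # Assumed policy: only direct calls to explicitly bound names pass.
        func = node.func
        if not (isinstance(func, ast.Name) and func.id in self.allowed_calls):
            self.violations.append((node.lineno, "call to unlisted callee"))
        self.generic_visit(node)


def check_restricted(source, allowed_calls):
    """Return the sorted list of (line, reason) violations in source."""
    checker = RestrictedChecker(set(allowed_calls))
    checker.visit(ast.parse(source))
    return sorted(checker.violations)


def run_restricted(source, bindings):
    """Exec source with only `bindings` visible, after the static check."""
    violations = check_restricted(source, bindings)
    if violations:
        raise PolicyViolation(violations)
    env = dict(bindings, __builtins__={})  # no builtins, so no __import__
    exec(compile(source, "<restricted>", "exec"), env)
    return env

# Constructed sample input: the escape from the quoted session plus an import.
SAMPLE = "import os\nobj, = ClassA.__bases__\nint_ = obj.__subclasses__()[2]\n"
```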