limited python virtual machine (WAS: Another scripting language implemented into Python itself?)

Jack Diederich jack at
Wed Jan 26 14:17:20 EST 2005

On Wed, Jan 26, 2005 at 10:23:03AM -0700, Steven Bethard wrote:
> Jack Diederich wrote:
> >Yes, this comes up every couple months and there is only one answer:
> >This is the job of the OS.
> >Java largely succeeds at doing sandboxy things because it was written that 
> >way from the ground up (to behave both like a program interpreter and an 
> >OS).
> >Python the language was not, and the CPython interpreter definitely was 
> >not.
> >
> >Search for previous discussions of this on
> Could you give some useful queries?  Every time I do this search, I get 
> a few results, but never anything that really goes into the security 
> holes in any depth.  (They're ususally something like -- "look, given 
> object, I can get int" not "look, given object, I can get eval, 
> __import__, etc.)

A search on "rexec bastion" will give you most of the threads, 
search on "rexec bastion diederich" to see the other times I tried to
stop the threads by reccomending reading the older ones *wink*.

Thread subjects:
Replacement for rexec/Bastion?
Creating a capabilities-based restricted execution system
Embedding Python in Python
killing thread ?


More information about the Python-list mailing list