Non-secure execution environment
castironpi at gmail.com
Fri Apr 17 13:06:11 CEST 2009
On Apr 17, 1:47 am, roge... at gmail.com wrote:
> I am C++ guy for the most part and don't know much of Python, so,
> please, bear with me if I am asking errrm..idiotic question.
> Old rexec module provided kinda 'secure' execution environment. I am
> not looking for security at this point. What I need an execution
> environment which almost like rexec, but is non-secure.
> What I want is:
> separate global dictionary,
> separate list of imported modules,
> separate sys.path
> (optionaly) separate __builtins__
> I might be able to get away without my own builtins, but the rest I
> If it's any help, I plan to use it to execute embedded Python scripts
> from C++.
It depends what you mean by secure environment. One option is to
create a subprocess, to just limit access your variables. Another is
to compile and examine their code yourself, and prohibit things like
access to the file class, the os module, etc.
I once had some success with removing the Lib folder, leaving only
certain exceptions, but you need a custom 2nd install for that.
In general, there's no good way. Python was designed to free your
mind, not tie your hands.
More information about the Python-list