Non-secure execution environment

Aaron Brady castironpi at
Fri Apr 17 13:06:11 CEST 2009

On Apr 17, 1:47 am, roge... at wrote:
> Hi,
> I am C++ guy for the most part and don't know much of Python, so,
> please, bear with me if I am asking errrm..idiotic question.
> Old rexec module provided kinda 'secure' execution environment. I am
> not looking for security at this point. What I need an execution
> environment which almost like rexec, but is non-secure.
>   What I want is:
>   separate global dictionary,
>   separate list of imported modules,
>   separate sys.path
>   (optionaly) separate __builtins__
> I might be able to get away without my own builtins, but the rest I
> need.
> If  it's any help, I plan to use it to execute embedded Python scripts
> from C++.
> Thanks,
> Gennadiy

It depends what you mean by secure environment.  One option is to
create a subprocess, to just limit access your variables.  Another is
to compile and examine their code yourself, and prohibit things like
access to the file class, the os module, etc.

I once had some success with removing the Lib folder, leaving only
certain exceptions, but you need a custom 2nd install for that.

In general, there's no good way.  Python was designed to free your
mind, not tie your hands.

More information about the Python-list mailing list