Simple Python Sandbox

Stephen Hansen me+list/python at
Sat Aug 14 01:37:40 CEST 2010


So, I'm working on a project which embeds Python into a bigger system to
provide extensibility. In this project, there's basically two types of
people who will be entering python code.

The trusted folks, who write code which are in files, and which can do

The untrusted folks, who are writing very simple chunks of code which
can only do limited things.

This latter group we want to sandbox as good as possible. Now, I know
that its not possible to perfectly sandbox Python, and I know certain
things will never be perfectly safe (like someone doing some crazy [0] *
100000 * 100000 and similar things). That's OK.

For this sandbox, we're killing import, execfile, open, eval, reload in
__builtin__. This all works well. However in previous discussions, I
learned about:

>>> [b for b in
if b.__name__ == 'file'][0]('../blahblah', 'w').write("Hi!")
>>> ^D
ixokai$ more ../blahblah

And things like that. (The above may not be the most efficient way to do
it). So, I had an idea: why not just do some simple sanitization. When
input comes in, just directly replace __ with DISALLOWED, and add
getattr/setattr/delattr to the mix of things we kill out of builtins.

This second group of people are doing simple little scripting tasks, and
not things that would ever involve needing to access a __method__, not
even a normal one like __init__. Most of what they do is me.this or
me.that("hi") and such. Occasionally there's a little simple logic, but
that's it.

Can you think of a way out of such a sandbox? A way to access disallowed
stuff, not a way to DOS.


   Stephen Hansen
   ... Also: Ixokai
   ... Mail: me+list/python (AT) ixokai (DOT) io
   ... Blog:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Python-list mailing list