Sandboxing Python

Christian Gollwitzer auriocus at
Sun Aug 23 07:17:33 CEST 2015

Am 23.08.15 um 02:04 schrieb Chris Angelico:
>> <code>
>>>>> import os
>>>>> eval("os.system('rm -rf /')", {"__builtins__":None})
>> Traceback (most recent call last):
>>    File "<pyshell#8>", line 1, in <module>
>>      eval("os.system('rm -rf /')", {"__builtins__":None})
>>    File "<string>", line 1, in <module>
>> TypeError: 'NoneType' object is not subscriptable
>> </code>
> Got it, thanks. The answer is: It's easy to make something you can't
> yourself break out of. It just means you don't know all the tricks.
>>>> cmd="""[c for c in ().__class__.__base__.__subclasses__() if c.__name__ == 'catch_warnings'][0]()._module.__builtins__["__import__"]("os").system("echo Hello")"""
>>>> eval(cmd,{"__builtins__":None})
> Hello
> 0
> Et voila. Arbitrary module loading, arbitrary code execution, have fun.

In one of my other favourite languages, you can create sandboxes very 
easily. You create them as a new slave interpreter with restrictions:

interp create -safe myInterp
myInterp eval $userinput

In addition to removing "dangerous" functions, you can limit the mount 
of time spent by the eval, or alias new functions to callbacks from the 
main interpreter (though this may break security)
This was once built into it for a browser plugin (now extinct).

Would it be that difficult to get the same for Python? On the C side, 
the interpreter is a structure and does not use global variables (as 
opposed to CPython), therefore it is easy to create more than one 
interpreter in a single program, and also to reflect that to the 
scripting level.


More information about the Python-list mailing list