Remix.run Logo
billpg 7 months ago

I'm interested in an answer. Is there a way, by design, to run code from an untrusted source in a restricted manner? So the worse the code could do is call me rude names.

eesmith 7 months ago | parent | next [-]

Not staying in Python. Python's run-time is not built for sandboxing.

If you set up a new runtime environment, like a FreeBSD jail, with no access to anything and a short CPU limit, then start you could start a Python subprocess in that environment, where the only thing that gets out is data via a pipe to call you names.

An operating system like FreeBSD is built to run code in a restricted manner.

high_byte 7 months ago | parent | prev [-]

I believe that's basically docker which uses linux seccomp, but there are also sandboxes for language specific applications.

ps. browsers basically do that with javascript