| ▲ | billpg 8 months ago | |
I'm interested in an answer. Is there a way, by design, to run code from an untrusted source in a restricted manner? So the worse the code could do is call me rude names. | ||
| ▲ | eesmith 8 months ago | parent | next [-] | |
Not staying in Python. Python's run-time is not built for sandboxing. If you set up a new runtime environment, like a FreeBSD jail, with no access to anything and a short CPU limit, then start you could start a Python subprocess in that environment, where the only thing that gets out is data via a pipe to call you names. An operating system like FreeBSD is built to run code in a restricted manner. | ||
| ▲ | high_byte 8 months ago | parent | prev [-] | |
I believe that's basically docker which uses linux seccomp, but there are also sandboxes for language specific applications. ps. browsers basically do that with javascript | ||