eesmith 8 hours ago
No, I'm not. I'm talking about the history beyond why rexec and Bastion, and restricted execution, were removed from Python in the 2.x days. See https://python.readthedocs.io/en/v2.7.2/library/restricted.h... , "In Python 2.3 these modules have been disabled due to various known and not readily fixable security holes."

They started because back in the 1.x days there was a Python web browser called Grail, and the hope was to support restricted Python applets in Grail.

Or from 10 years ago, read https://lwn.net/Articles/574215/ about the failure of 'pysandbox' where one of the ways to break out was to "[use] a traceback object to unwind the stack frame to one in the trusted namespace, then use the f_globals attribute to retrieve a global object." ... "Stinner's tale should serve as a cautionary one to anyone considering a CPython-based solution".

You might consider RestrictedPython at https://restrictedpython.readthedocs.io/en/latest/ which supports only a subset of Python, via AST-walking to limit what the code can do. I have no experience with it.
high_byte 4 hours ago
I didn't use RestrictedPython. I did manage to patch the __subclasses__() escape with a hack. if only I can patch the exceptions traceback too I think it will be good enough :)

edit: here are my silly little patches: https://github.com/hananbeer/cpython-toy-sandbox/commit/fa3f...

this is of course assuming exec(globals={..}) without certain builtins and is, again, not expected to use system apis like files or sockets or anything.
high_byte 8 hours ago
thanks, RestrictedPython looks like it could work for me!
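
Added example, not part of any comment above and not RestrictedPython's own code: a simplified AST-walking policy check of the kind the thread describes, rejecting untrusted source that touches underscore-prefixed attributes or frame/traceback attributes before it is ever passed to exec(). The attribute and name lists and the sample snippets are constructed assumptions for illustration.

```python
import ast

# Frame/traceback/generator attributes that lead back to interpreter internals.
# Illustrative list (an assumption of this example), not exhaustive.
INTROSPECTION_ATTRS = {"tb_frame", "tb_next", "f_globals", "f_locals", "f_back",
                       "f_builtins", "gi_frame", "cr_frame"}
# Builtins that allow dynamic attribute lookup or code execution by string.
BLOCKED_NAMES = {"eval", "exec", "compile", "getattr", "setattr", "vars",
                 "globals", "locals", "open", "__import__"}

class PolicyChecker(ast.NodeVisitor):
    def __init__(self):
        self.violations = []

    def _flag(self, node, msg):
        self.violations.append((node.lineno, msg))

    def visit_Attribute(self, node):
        # Covers __subclasses__, __class__, __traceback__ and similar dunders.
        if node.attr.startswith("_") or node.attr in INTROSPECTION_ATTRS:
            self._flag(node, f"attribute '{node.attr}'")
        self.generic_visit(node)  # keep walking chained attribute access

    def visit_Name(self, node):
        if node.id.startswith("_") or node.id in BLOCKED_NAMES:
            self._flag(node, f"name '{node.id}'")

    def visit_Import(self, node):
        self._flag(node, "import statement")
    visit_ImportFrom = visit_Import

def check_source(source):
    """Return sorted (line, reason) violations; an empty list means accepted."""
    checker = PolicyChecker()
    checker.visit(ast.parse(source))
    return sorted(checker.violations)

# Constructed sample inputs.
SAMPLE_OK = "total = sum(n * n for n in range(10))\n"
SAMPLE_SUBCLASSES = "kinds = object.__subclasses__()\n"
SAMPLE_TRACEBACK = ("try:\n    1 / 0\nexcept Exception as e:\n"
                    "    g = e.__traceback__.tb_frame.f_globals\n")

if __name__ == "__main__":
    for src in (SAMPLE_OK, SAMPLE_SUBCLASSES, SAMPLE_TRACEBACK):
        print(check_source(src) or "accepted")
```

A static check like this is only one layer: it says nothing about objects handed to the code at run time, so the globals and builtins given to exec() still need to be restricted separately.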