[Python-Dev] Some news from my sandbox project (original) (raw)
Victor Stinner victor.stinner at haypocalc.com
Sun Sep 19 12:19:44 CEST 2010
- Previous message: [Python-Dev] Some news from my sandbox project
- Next message: [Python-Dev] Some news from my sandbox project
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Le dimanche 19 septembre 2010 01:05:45, Greg Ewing a écrit :
I don't follow. Trusted functions such as proxy() shouldn't be sharing a builtins dict with sandboxed code. (...) So give each program its own copy of builtins.
By "program" you mean a "process"? proxy() and untrusted functions are executed in the same process and the same interpreter. Untrusted code calls (indrectly) proxy(): should I create a new copy of builtins for each frame? I don't know how to do that in Python (without modify the Python interpreter) and I suppose that it will make Python slower. The frame mechanism is already slow (create a new frame to call a Python function is much slower than calling a function in C).
pysandbox creates a new separated namespace for untrusted functions, but builtins "namespace" (dict) is shared between Python and pysandbox namespaces.
-- Victor Stinner http://www.haypocalc.com/
- Previous message: [Python-Dev] Some news from my sandbox project
- Next message: [Python-Dev] Some news from my sandbox project
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]