[Python-Dev] pysandbox 1.5 released (original) (raw)
Yury Selivanov yselivanov.ml at gmail.com
Tue Mar 20 16:57:48 CET 2012
- Previous message: [Python-Dev] pysandbox 1.5 released
- Next message: [Python-Dev] [Python-checkins] cpython: Issue #14328: Add keyword-only parameters to PyArg_ParseTupleAndKeywords.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Well, I really hope that the PEP regarding frozendict will be accepted. Especially due to the fact that the required changes are small.
With the recent projects like clojure-py, blog posts like http://goo.gl/bFB5x (Python becomes a platform), your pysandbox, it became clear that people start evaluating Python on a different level. And for developing custom languages, deeply experimenting with coroutines and who knows what else, frozendict is a missing concept in python's immutable types structure.
On 2012-03-20, at 8:32 AM, Victor Stinner wrote:
pysandbox is a Python sandbox. By default, untrusted code executed in the sandbox cannot modify the environment (write a file, use print or import a module). But you can configure the sandbox to choose exactly which features are allowed or not, e.g. import sys module and read /etc/issue file.
http://pypi.python.org/pypi/pysandbox https://github.com/haypo/pysandbox/ Main changes since pysandbox 1.0.3: - More modules and functions are allowed: math, random and time modules, and the compile() builtin function for example - Drop the timeout feature: it was not effective on CPU intensive functions implemented in C - (Read the ChangeLog to see all changes.) pysandbox has known limitations: - it is unable to limit memory or CPU - it does not protect against bugs (e.g. crash) or vulnerabilities in CPython - dict methods able to modify a dict (e.g. dict.update) are disabled to protect the sandbox namespace, but dict[key]=value is still accepted It is recommanded to run untrusted code in a subprocess to workaround these limitations. pysandbox doesn't provide an helper yet. pysandbox is used by an IRC bot (fschfsch) to evaluate a Python expression. The bot uses fork() and setrlimit() to limit memory and to implement a timeout. https://github.com/haypo/pysandbox/wiki/fschfsch -- The limitation on dict methods is required to deny the modification of the builtins dictionary. I proposed the PEP 416 (frozendict) but Guido van Rossum is going to reject it. I don't see how to fix this limitation without modifying CPython. http://www.python.org/dev/peps/pep-0416/ Victor
Python-Dev mailing list Python-Dev at python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/yselivanov.ml%40gmail.com
- Previous message: [Python-Dev] pysandbox 1.5 released
- Next message: [Python-Dev] [Python-checkins] cpython: Issue #14328: Add keyword-only parameters to PyArg_ParseTupleAndKeywords.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]