[Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)

Paul Moore p.f.moore at gmail.com
Mon Apr 11 11:04:21 EDT 2016


On 11 April 2016 at 15:46, Jon Ribbens <jon+python-dev at unequivocal.co.uk> wrote:

> It's trying to alter the global Python environment so that arbitrary code can be executed, whereas I am not even trying to allow execution of arbitrary code and am not altering the global environment.

However, it's not at all clear (to me at least) what you are trying to do. You're limiting the subset of Python that people can use, understood. And you're trying to ensure that people can't do "bad things". Again, understood. But what subset are you actually allowing, and what things are you trying to protect against? (For example, I can't calculate sin(1.2) using the math module - why is that not allowed? It's just as safe as using the built-in exponential operator, and indeed I could write a sin() function in pure Python, although it would be too slow to be useful, unlike math.sin...)

It feels at the moment as if I'm playing a game where I don't know the rules, and every time I think I scored a point, the rules are changed to retroactively disallow it.

Paul


