Is there a "safe" subset of Python for use as an embedded scripting language?
--
Music by Eric Matyas
https://www.soundimage.org
Track title: Cool Puzzler LoFi
--
Chapters
00:00 Question
01:38 Accepted answer (Score 10)
02:05 Answer 2 (Score 4)
02:54 Answer 3 (Score 4)
03:23 Answer 4 (Score 4)
03:37 Thank you
--
Full question
https://stackoverflow.com/questions/8618...
Accepted answer links:
[How can I run an untrusted Python script safely (i.e. Sandbox)]: https://wiki.python.org/moin/Asking%20fo...)
[Capabilities for Python?]: http://neopythonic.blogspot.com/2009/03/...
http://code.google.com/p/sandbox-python/
Answer 2 links:
[PyMite VM]: http://pythononachip.org
Answer 4 links:
http://doc.pypy.org/en/latest/sandbox.ht...
--
Content licensed under CC BY-SA
https://meta.stackexchange.com/help/lice...
--
Tags
#python #security #scripting #scriptinglanguage #embeddedlanguage
#avk47
ACCEPTED ANSWER
Score 10
Here are a couple of links to give you an idea on what you're up against:
- How can I run an untrusted Python script safely (i.e. Sandbox)
- Capabilities for Python? by Guido himself
There is also a dead google code project at http://code.google.com/p/sandbox-python/
ANSWER 2
Score 4
The pypy project offers sandboxing features, see http://doc.pypy.org/en/latest/sandbox.html .
ANSWER 3
Score 4
No there is no production ready subset of Python that is "safe". Python has had a few sand box modules which were deprecated due to deficiencies.
Your best bet is to either create your own parser, or isolate the python process with syscall hooks and a jailed account.
Some people might point you to PyPy, but it is unfinished.
ANSWER 4
Score 3
AFAIK, some attempts were made in standard python library, but they were not successful. See Restricted Execution for details.
Warning
In Python 2.3 these modules have been disabled due to various known and not readily fixable security holes. The modules are still documented here to help in reading old code that uses the rexec and Bastion modules.